With FaceApp gaining popularity worldwide, scammers have found a new way to make a quick buck. They are using a fake ‘Pro’ version of the application to lure users looking to download the popular app.
How does the scam work?
Discovered by ESET researchers, the scam out is carried in two ways by scammers. For this, they are taking advantage of fake ‘Pro’ version of the app, which includes some extra features and can be availed by paying some amount. The different methods include the use of fake websites and YouTube videos.
In this, attackers use a fake website that claims to offer the premium version of FaceApp for free. However, in reality, the scammers trick the victims into clicking through countless offers for other paid apps, subscriptions, ads and surveys. The app also asks the victim’s permission to allow display notifications. Once these notifications are enabled, they can lead to further fraudulent offers.
“During our test, we ended up with the regular, free version of FaceApp that is also available on Google Play. However, instead of using Google Play as the source, the app was downloaded from a popular file-sharing service (mediafire.com). This means users could easily end up downloading malware if that was the attackers’ intention,” said ESET researchers.
Fake YouTube videos
Here, the scammers have created several YouTube videos that promote download links for a free ‘Pro’ version of FaceApp. This shortened download links, however, redirects users to install various additional apps from Google Play Store.
Citing the perils of such scams, the researchers said, “While this type of scam is typically used merely to deliver ads, the shortened links could lead to users installing the malware in just one click.”