Malicious software posing as a kids’ game app has breached the security of the Apple App Store and has tricked numerous users, scamming them for money with casino-like features.
Distributed in the App Store as a game for ages 4 and older, “Jungle Run” turned out to be a malicious app that was secretly set up by a crypto-currency-backed casino to scramble people out of money.
As per the reports, Jungle Run was able to convert into a crypto-funded casino when the VPN is changed to Turkey, Kazakhstan, Italy, etc. The Jungle Run casino was believed to operate everywhere except in the U.S.
The developer of the malicious app had another app on the Apple App Store, disguised under the name of “Magical Forest Puzzle”, that opened another casino using the same VPN trick.
Researchers have been commenting that this is an innovative way of using social engineering to circumvent Apple’s App Store security.
Immediately after the Jungle Run casino app was reported and confirmed to be a shady casino game disguised as a game for kids, Apple took it down from their Store. However, security professionals are warning that it has been accessible for months.
Jungle Run’s review section included user complaints reporting about deposit and payout scams. The amount of money that the scammers have earned from unsuspected users, however, is difficult to tell.
One is clear, Jungle Run was available until recently in the Apple App store and has managed to trick a number of users.
This incident, however, indicates a more concerning tendency where official App Stores are successfully compromised by more and more malicious mobile apps.
Recently, the Google Play Store also entered the news headlines with the distribution of a bogus Netflix app that managed to infiltrate users through WhatsApp accounts and spam their contacts with other malware.
Pressure is growing on these app marketplaces to increase security screening for applications before they become available for download to the users.