Malvertising campaign pushes data-collecting VPN on iOS users

Hear a high-pitched beeping sound? It’s all a ruse!

David bisson
David Bisson

Malvertising campaign pushes data-collecting VPN on iOS users

A malvertising campaign is targeting iOS devices with a VPN that doesn’t hide the fact it collects large quantities of users’ information.

The operation displays rogue ads on popular Torrent websites.

If a user clicks on one of the rogue ads, the malvertising chain redirects them to a fake website that claims their device has suffered a virus infection. It also employs the aggressive tactic of playing a high-pitch beeping. To help address the “issues,” the site provides a link to a program called “My Mobile Secure.”

Sign up to our free newsletter.
Security news, advice, and tips.

Fake warning

“We have detected that your Mobile Safari is (45.4%) DAMAGED by BROWSER TROJAN VIRUSES picked up while surfing recent corrupted sites.

“Immediate action is required to prevent it from spreading and infecting sensitive data like your Facebook account, Whatsapp messages photos private applications [sic]”

Funny… the supposed “fix” advertised by the site is is a lot worse than that!

When someone clicks “Remove Virus,” their device presents an installation prompt for a VPN called “My Mobile Secure.” But I use the term “VPN” loosely. The main reason? My Mobile Secure is linked by users’ emails to MobileXpression, a market firm which seeks to study web behavior by collecting users’ information. A LOT of it.

Just look at this mess of a privacy policy for something that’s supposed to deanonymize users on the web:


Malwarebytes’ lead malware intelligence analyst sums up this program in a blog post:

“In this particular case, one cannot help but feel that this VPN application comes with some serious baggage and unfortunately the average user will not take the time to review the fine details. If the intent is to use a VPN to anonymize your online activities, this does almost the opposite.”

It’s reasonable to expect nothing more from a malvertising campaign. With that said, users should take great care to not click on suspicious ads and should consider installing an ad-blocker in their web browsers. They should also consider downloading a VPN, but they should make sure to research VPN providers and their privacy policies carefully before they choose a solution.

For more information regarding what advantages a legitimate VPN provides, click here.

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

2 comments on “Malvertising campaign pushes data-collecting VPN on iOS users”

  1. John Root

    Why do dodgy emails, and dodgy warnings as above, always use flaky English ? These always shriek "RED ALERT" on their own.

    A few observations from above:
    (6) does not need to be in brackets; it might if it were preceded by the word "six"
    As (6) is plural, it seems useless to remove a single virus
    Since when was the Apple iPad a "cell phone".

    I'll leave the discovery of at least 2 more to the educated reader.

  2. HailHydra

    about the post. Yeah, I pretty much get the same crap on my android, and previously over my Lumia too. It's the same thing, just different packaging. Also, the solution itself is crappy and dodgy here.

    But that shouldn't mean every tool is shady. Tim Berners-Lee (pioneer of WWW so to speak) himself feels it shouldn't have come to this and that people and their privacy should have been protected by the government but as it turns out, vpns like ivacy, tor, express and third party tools to protect privacy have become a necessity, even if means seeking means other than the ones provided by authorities, because let's face it, with this law, we're on our own now!

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.