International. The recent surge in popularity of the FaceApp application has attracted scammers, who have devised schemes to take advantage of the app's moment in the spotlight, according to an analysis by the computer security company Eset.
The FaceApp app, which offers several filters that modify the face, is available for both Android and iOS. While the app itself is free, some features, marked "PRO," are paid. The recent concern about how FaceApp handles privacy grabbed the attention of a large number of international media.
Scammers have been trying to take advantage of this wave of interest in the app in different ways, for example by using a fake, free "Pro" version of the application as a lure. Scammers have also made an effort to spread word of this fictitious version of the app that has gone viral these days; at the time of writing, a Google search for "FaceApp Pro" yields nearly 200,000 articles.
We've seen two ways scammers try to make money with the non-existent "Pro" version of FaceApp.
Fake websites
In one of the scams we have seen, attackers have used a fake website on which the "premium" version of FaceApp is offered for free (see cover image).
In reality, scammers trick their victims into clicking on countless offers to install other paid apps, as well as subscriptions, ads, surveys, etc. Victims also receive requests from various websites to allow notifications to be displayed. When enabled, these notifications lead to new fraudulent offers.
During our test, we ended up with the regular, free version of FaceApp that's also available on Google Play. However, instead of using Google Play as a source, we downloaded the app from a popular file-sharing service (mediafire.com). This means that users could easily end up downloading malware if that was the attackers' intention.
YouTube videos
The second type of scam includes YouTube videos, through which download links for a free "Pro" version of FaceApp are also promoted. However, the shortened download links point to apps whose only functionality is to have users install several additional apps from Google Play. One of the YouTube videos has over 150,000 views at the time of writing.
While this type of scam is typically used simply to display ads, shortened links could lead to users installing malware with a single click. We've seen this happen in the past, for example, with the video game Fortnite being used as a decoy.
While the link in question was clicked more than 96,000 times, this figure does not tell us much about the number of actual installations (although any large company would like to have such a high click-through rate).
Conclusion
Anything in vogue attracts scammers, and the bigger the wave, the greater the risk of falling victim to a scam. Before joining in on whatever is fashionable or widely used, as the FaceApp app is in this case, users must remember to adhere to the basic principles of security.
Regardless of how exciting the topic is, avoid downloading apps from sources other than the official app stores, and examine the information available about the app (developer, rating, feedback, etc.). Especially in the Android ecosystem, there are hoaxes around every popular app or game. However, the chances are good that security-conscious users will be able to tell fake offers from genuine ones. As a security measure in case a user falls victim to a scam, having a reputable security application installed on their mobile device can be of great help to avoid negative consequences.
Source: Eset.


