17 April 21, 08:00
Quote: A kids’ game called “Jungle Run” that, until recently, was available in the Apple App store, was secretly a cryptocurrency-funded casino set up to scam people out of money.
Kosta Eleftheriou, who found the scam, is a tech entrepreneur and founder of the Apple Watch keyboard app FlickType who, it’s worth noting, is currently entangled in anti-trust litigation he filed against Apple in March.
He’s also developed a popular cybersecurity side hustle tracking down malicious apps lurking in the iOS store. His latest discovery was that Jungle Run, which was marketed in the App Store as a game for ages 4+, transformed into a crypto-funded casino when he set his VPN to Turkey.
He later discovered that the Jungle Run casino also worked when VPNs were set to Italy and Kazakhstan. He mused on Twitter whether it was available everywhere but the U.S.
“This is a creative method of social engineering to bypass Apple’s technical security controls,” Chris Morales, CISO at Netenrich, said via email. “Simple creative human intelligence beating machine learning. This is the same reason phishing still works and social engineering is the number one technique for attacks, not advanced malware.”
Read more: iOS Kids Game Morphs into Underground Crypto Casino | Threatpost