FaceApp creates wave of opportunity for scammers on fake webs and YouTube

Next story

BRATISLAVA – The latest hype around the FaceApp application has attracted scammers who want to make some quick profits, ESET research has shown. Scammers have been using a fake “Pro” version of the application as bait and have made an effort to spread the word about this fictitious version of the currently- viral app. One form of the scam uses a fake website that claims to offer a premium version of FaceApp. The  second type of scam includes YouTube videos again promoting download links for a “Pro” version. One of the fraudulent YouTube videos had over 150,000 views at the time of writing this research.

The legitimate FaceApp application offers various face-modifying filters and is available for both Android and iOS. While the app itself is free, some features marked as “PRO”, are paid. Along with the viral potential of its popular filters, FaceApp has of late, generated a huge wave of media attention amid concerns about online privacy.

In one of the scams we have seen, attackers use a fake website that claims to offer a premium version of FaceApp. In reality, the scammers trick their victims to click through countless offers for installing other paid apps and subscriptions, ads, surveys and so on. The victim also receives requests from various websites to allow the display of notifications. When enabled, these notifications lead to further fraudulent offers. The YouTube videos contain download links that point to apps whose only functionality is to make users install various additional apps. The shortened links could lead to users installing malware as well.

“There were well over 200-thousand stories online this Thursday about the fake and fictitious FaceApp Pro. Only one of the YouTube videos we found had more than 150-thousand views, however, its malicious links were clicked on over 90-thousand times,” says ESET Researcher Lukáš Štefanko.  “Legitimate businesses don’t even dream of such a high click-through rates as these cybercriminals have been able to achieve,” he opines.

A YouTube video claiming to offer a link for downloading the installation package (APK) for a “FaceApp Pro” application for Android

Before joining the hype, users should remember to stick with basic security principles. Regardless of how exciting the ‘opportunity’ seems, avoid downloading apps from sources other than official app stores, and examine available information about the app (developer, rating, reviews, etc.). As insurance in cases where the user falls victim to a scam, having a reputable security app installed on a mobile device can help prevent some negative consequences.

For more details, read “With FaceApp in the spotlight, new scams emerge” on WeLiveSecurity.com and follow ESET research on Twitter.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET has become the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information, visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.