
“Sakura” Site App on the Apple App Store

Created: 13 Jun 2013 21:47:18 GMT • Updated: 23 Jan 2014 18:06:29 GMT
Author: Joji Hamada

Japanese one-click fraud apps on Google Play made their debut at the beginning of the year and have now become a regular on the market, with new variants appearing on an almost daily basis. I was curious to see whether the scammers had attempted to target other mobile platforms, so I did some investigative work. I didn’t find any one-click fraud on other platforms, but I did come across a dodgy app in the Apple App Store that uses a strategy similar to that of one-click fraud apps.

Once opened, the app accesses certain URLs and displays content from them within the app. The app itself pretty much acts as a frame for the fraudulent site. This particular app leads to fake dating services, called “sakura” sites in Japan, unlike one-click fraud apps, which attempt to fool users into paying for an adult video service.

The app was introduced on the App Store as a game and certainly does not look like it is related to a dating service on the English page.
 

Figure 1. English version on the App Store
 

However, the introduction on the Japanese page suggests that the app may have something to do with pornography. The page also states that users need to be over 18 years of age and that the app is available for a free download for a limited time only.
 

Figure 2. Japanese version on the App Store
 

Once installed and launched, the app’s appearance resembles the App Store.
 

Figure 3. Supposedly downloadable apps
 

When the network connection on the device is turned off and the app is reopened, no content is displayed in the app because it cannot download the content from the Internet.
 

Figure 4. Result of no network connection on the device
 

When the non-existent apps within the app are opened, the default browser on the device opens various dating service sites that are all hosted on the same domain. Interestingly, the domain has been known to host the Android version of the same dating scam as well.
 

Figure 5. “Sakura” dating site used in the scam
 

Once users sign up for the service, they will soon be bombarded with messages from non-existent people interested in meeting them. The messages are actually sent from people hired by the operators of the dating service; this type of person is known colloquially in Japan as a “sakura.” The ultimate goal of the sites is to trick users into purchasing points to continue the online conversations. There is little chance that the users will ever be able to physically meet anyone on the site. Hence, this type of site is generally known as a “sakura” site in Japan. The email accounts the victims used to sign up to the site may also end up receiving spam from various dating services.

The offending app is clearly in violation of the App Store policy for various reasons and has been removed from the store. How could the app have been approved in the beginning? Because the app simply acts as a frame, different content, perhaps game related, could have been used during the approval process. As this is big business for the scammers, they devise various strategies to spread their scam. Users need to be vigilant wherever they may be downloading their apps from.

The following video shows how this scam works (note that an Android device was used to capture the video):
 
