
1337watchdog

macrumors newbie
Original poster
Apr 24, 2016
Recently I noticed that some of the developers on the Mac AppStore are manipulating the review system of Apple, tricking customers into buying their app.

Moreover, they have written in the app description things that are not possible under Apple's terms and the macOS Sandbox.

So let's get started:

Fake Reviews
I have monitored the app called Antivirus BitMedic since its release. Since its last update, which was in March, the app has held a Top Grossing place between places 3 and 10. What caught my attention is that in the last two months the app started to receive only 5-star positive reviews, but only when 1 or 2 negative reviews were received.

So what I am saying is that from March until August the app had almost the same number of buyers but not many positive reviews, and suddenly a large number of positive reviews is received, but when? When 1 or 2 negative reviews are received... quite strange from my point of view.

After reading the reviews, I saw that many customers are reporting that the app is crashing on the new macOS Sierra.
With a quick search on the AppStore on the BitMedic page / recent reviews you will notice that the developer actually did respond to the negative reviews with positive reviews.
I've contacted Apple showing them this point of view, but until now there has been no action taken by them; this is the reason why I am going public.

Description misinforming customers
The developer is pretending that his app is doing things that are practically not possible under the Apple Sandbox, and I will provide some info below.

1. "Designed for Mac. Virus & adware database updated multiple times per day. 24/7 real-time protection!" - really? 24/7 real-time protection? What does 24/7 real-time protection really mean? It means that if I download an infected dmg, pkg or any macOS executable file and run it, BitMedic will take the file before the macOS kernel runs it, put it into a private sandbox, examine it and then pass it to the kernel, which is in NO WAY possible under the Apple Sandbox.

2. The developer is using "OPSWAT Certified Product - https://www.opswat.com/certified/legacy", claiming that his app is certified. No way. Please check the web site and then search under MacOS and see that there are NO MacOS apps certified by this entity.

3. "#1 Fastest and most secure Real-time AntiVirus & Adware App on Mac App Store. Tested & certified." Tested and certified by who? I think that the developer is the only person who certified his apps.

I hope Apple will proceed and review the apps firmly in order to provide good and genuine apps to the customers.
 
Getting hold of anyone at Apple and trying to do anything slightly out of the norm is a pain, I know! So this isn’t worth anything, but you get a hearty “thank you” from me for your valiant efforts!

Have you contacted OPSWAT about the developer, Pocket Bits’, continued use of their certificate in promotional materials? I’m sure OPSWAT would be interested in this misuse of their name and trademarks and might have a bit more leverage at Apple.

Thanks for fighting the good fight!
 
Interesting post with useful pointers about what to look for. If I see a series of 5* reviews as soon as an application appears, or immediately after a new update, I click on 'other reviews by this user' to see if it's the only app they have ever reviewed. If it is, then I tend to discount the review. And if there are a series of 5* reviews from 'users' posting for the first time, then I avoid the application like the plague.
 
Interesting post with useful pointers about what to look for. If I see a series of 5* reviews as soon as an application appears, or immediately after a new update, I click on 'other reviews by this user' to see if it's the only app they have ever reviewed. If it is, then I tend to discount the review. And if there are a series of 5* reviews from 'users' posting for the first time, then I avoid the application like the plague.

Yep, you are perfectly right, but the thing is that many customers don't know these things and they put all their trust in the Apple AppStore team and the Software Engineers who should properly review the apps.

It is unacceptable on your platform (AppStore) to allow apps, such as this one, which is pretending to do things which are not even true.

It is the same as when you buy a car: the manufacturer tells you that it has "y" feature, and when you need that feature you will be surprised to find out that your "wonderful car" does not have it.

I was a great Apple fan, but day by day I see that the only thing Apple cares about is money and more money......
 
Recently I noticed that some of developers on the Mac AppStore are manipulating the review system of Apple, tricking customers to buy their app.

Nothing new about that. It's been going on for years. The Mac App Store is and has been a buyer beware forum for purchasing apps. There are some real good apps there but they're in the minority compared to the review bloated apps that are predominant.
 
I've been looking into developing an Antivirus app for the Mac App Store. After doing a lot of research, there are a TON of FAKE antivirus apps manipulating the mac app store. You'll notice that new legitimate Antivirus apps have tried to break into the market like Trend Micro (publicly traded company) and Kaspersky. These guys immediately get 1 star ratings and reviews from shady looking accounts written in broken English. On the other end of the spectrum, you have Thor Antivirus by Amelia Dybala which looks like an app that completely lacks any sort of modern graphics. Screenshots that look like they were done on Fiverr and a product that seems to pose as an Antivirus app getting 2600 ratings for a paid app. These reviews are written in broken English too. Bad reviews have been marked as unhelpful to bury them behind fake positive reviews marked as helpful.

It's easy to tell these reviews are fake by looking at the reviews/ratings from other countries. FAKE apps with FAKE reviews target mainly USA. There is a natural and real looking trend that trickles down into the international app stores and you can identify the fake apps gaming the market because they have no international reviews/ratings.

In regards to the OPSWAT Certification. The link you gave was for "legacy" which means it's been outdated and there is a new version. All these apps like to state OPSWAT Certification and EICAR tested. EICAR is just a test virus. If it fails that, then it's obviously not even a real antivirus scanner. In regards to BitMedic, I did see them on the OPSWAT website under Pocket Bits LLC. They are both under legacy and the new updated OPSWAT certifications.
 
Another interesting note is to compare these two apps. They are the same developer, but released under 2 different developer accounts. This is another issue that Apple is not catching onto. SPAM in the Mac App Store.

Look up:

Thor Antivirus - Amelia Dybala
AntiVirus BitSweeper - Adrian Borbas

These apps are almost identical with almost identical screenshots. Both averaging almost a perfect 5 stars. Suspicious? Yes.
 
As already stated, this has been going on for quite a while. Which is why before purchasing any app from the Mac App Store you need to do some serious research unless you know the developer and the app. Names are changed, reviews faked, updates sometimes faked to draw more customers. By the way, the iTunes App Store is beginning to get just as bad.
 
Thor Antivirus and AntiVirus BitSweeper = The infamous Nikoff Security.
https://blog.malwarebytes.com/puppum/2016/09/pup-friday-nikoff-security-redux/


When it comes to AntiVirus/Anti Malware applications, if you see one at the Mac App Store, you can almost certainly bet it's utter rubbish and not trustworthy. Even if I'm not really a fan* of the ”traditional” Anti Malware/Virus solutions from the more well known developers on the Mac side like Trend Micro, Kaspersky, Sophos, Bitdefender, ESET, AVG, Norton, Avira and Avast, at least they come from developers that are well known, have a support organisation that you can contact, and whose business information you can easily look up.

Also, the above mentioned well known developers (mostly) are also doing research using well known security researchers.
Installing applications or solutions regarding security from a no-name developer with bold claims without doing some research (max 5 minutes of basic googling) is nothing you should do, even if it's from the Mac App Store.


Related:
https://forums.macrumors.com/thread...th-mac-app-store.2051300/page-2#post-24700024

https://forums.macrumors.com/thread...th-mac-app-store.2051300/page-3#post-25159884
----

*Instead of using the ”traditional” AV software, I use a combo of different applications and recommendations/tips (listed below is my ”basic” set):

Applications

- Malwarebytes for Mac (Free/Paid. I use the free one)
https://www.malwarebytes.com/mac/

For scanning for PUPs or other types of malware (even Apple Support themselves recommend Malwarebytes in some support cases).
----

- LittleSnitch (Paid).
https://www.obdev.at/products/littlesnitch/index.html

Firewall/monitor tool to block/allow primarily the outgoing connections (calling home) your applications or system make, many of which are unnecessary or could have privacy issues. Apps could also send usage information that you didn't know about or they could send data of a malicious nature. Can be a bit overwhelming for the casual user.
----

- Objective-See apps (Free)
https://objective-see.com/
(Note: some of the apps are integrated with Google's VirusTotal service) from one of the most well known Mac security researchers, Patrick Wardle – https://objective-see.com/blog.html, https://twitter.com/patrickwardle

I use:
• BlockBlock (warns if something is installed persistently, which most malware tries to do, and lets you choose if you want to block or allow)
• RansomWhere? (By continually monitoring the file-system for the creation of encrypted files by suspicious processes, RansomWhere? aims to protect your personal files, generically stopping ransomware in its tracks)
• KnockKnock ("Who's there?" See what's persistently installed on your Mac.)
• TaskExplorer (Explore all the tasks (processes) running on your Mac. Quickly see a task's signature status, loaded dylibs, open files, network connection)
• Dylib Hijack Scanner or DHS (a simple utility that will scan your computer for applications that are either susceptible to dylib hijacking or have been hijacked.)
----

- Suspicious Package (free)
http://www.mothersruin.com/software/SuspiciousPackage/

With Suspicious Package, you can answer these questions and more. Maybe you're quite literally suspicious of a package you've downloaded. Or perhaps you're just curious about what some package does. Or maybe you want to find out after the fact exactly what files a package scattered across your computer. Whatever the reason, Suspicious Package allows you to see inside an installer package.
----

If I should narrow it down more, and make it really simple, I would say that you should have Malwarebytes and BlockBlock installed to have at least some protection.

----

- Guide: A practical guide to securing macOS (free, updated all the time)
https://github.com/drduh/macOS-Security-and-Privacy-Guide/blob/master/README.md
https://github.com/drduh/macOS-Security-and-Privacy-Guide
----

Keep up
To keep up to date with current threats, malware or other stuff regarding security on Mac/iOS and others.

- Twitter: Thomas Reed (Security researcher at Malwarebytes)
https://twitter.com/thomasareed

- Twitter: DubiousMind (”Lead Software Security Engineer”, knows Apple OSes better than Apple sometimes)
https://twitter.com/DubiousMind

- Twitter: Ivn (AppSec Eng Shopify Mobile Security Engineer, Cryptography Enthusiast,  Developer)
https://twitter.com/ivRodriguezCA

- Twitter: Rich Trouton (Derflounder)
https://twitter.com/rtrouton

- Twitter: Patrick Wardle (Director of Research at Synack. Builder of Objective-See com)
https://twitter.com/patrickwardle

- Twitter: Claud Xiao (Security Researcher at Palo Alto Networks)
https://twitter.com/claud_xiao

- Twitter: Howard Oakley (Former MacUser writer. macOS guru)
https://twitter.com/howardnoakley

- Twitter: Pepijn Bruienne (MacAdmin. Co-host of the MacAdmins Podcast)
https://twitter.com/bruienne
 
I know this post is ancient history but it's the top Google hit for Amelia Dybala, which I searched for some odd reason. It's funny though reading this. I downloaded one of the apps you guys are talking about, Thor Anti-Virus, and was almost immediately suspicious when I actually emailed the developer a question I had about the app (since it was really garbage). I paid $9.99 for the pro version that was offered which upon later comparison did absolutely nothing (even in appearance) from the free version. So I got suspicious and ran all of the files in the app package through VirusTotal, which analyzes files in its own sandbox and compares their sha256 to 60+ databases (McAfee, AVG, TrendMicro, etc. all fairly legit). The main executable file came up as malware on 4 or 5 various malware databases. The best part is that the pro version for 2/3 of 2017 was the number 3 paid app under Utilities. So not only did that person make a ton of money but even more troublesome for Apple I guess is that the #3 app in Utilities was an antivirus app and the general public is supposed to think malware is impossible on Mac.

What really surprised me about this is I posted a number of questions about this issue on the Apple Communities site and was pretty much told I was wrong, lying, crazy, imagining it, anything except what I expect in terms of responses. Kinda makes me question if something more complex isn't going on. Maybe like fake reviews, fake usernames sounding authoritative and misleading people.

The biggest takeaway from it all was:
  1. Apple doesn't care to virus scan apps
  2. Apple doesn't care to check if apps are hiding anything in the binary/using an unprintable encoding/some other obfuscation method
  3. Apple didn't care whatsoever when I posted questions, wrote a bunch of comments, demanded a refund several times, and emailed "product security" -- it continued to be sold for another 6 months from that
  4. Don't ask for a refund for malware downloaded on the App Store (there's a class action lawyer somewhere who would love to hear this)
  5. imho Apple has become this entitled has-been snowballing into its own demise. A lack of malware and a down to earth attitude were why a lot of people switched from Windows but now malware which isn't helped by an arrogant superiority complex on the matter, might be the beginning of their downfall
 
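The check described in the post above (hashing every file in an app package so the digests can be looked up), as an added example that is not part of the original thread. It only computes SHA-256 digests locally and flags Mach-O files by their magic bytes; the sample bundle and all function names are constructed for illustration, and the lookup service is left to the reader.

```python
import hashlib
import os
import tempfile

# First four bytes of Mach-O files as they appear on disk.
MACHO_MAGICS = {
    bytes.fromhex("feedface"), bytes.fromhex("cefaedfe"),  # 32-bit
    bytes.fromhex("feedfacf"), bytes.fromhex("cffaedfe"),  # 64-bit
    bytes.fromhex("cafebabe"), bytes.fromhex("bebafeca"),  # universal (fat); Java .class shares cafebabe
}

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def is_macho(path):
    with open(path, "rb") as f:
        return f.read(4) in MACHO_MAGICS

def inventory_bundle(bundle):
    """Return [(relative_path, sha256, is_macho)] for every regular file, Mach-O first."""
    rows = []
    for root, _dirs, files in os.walk(bundle):  # os.walk does not follow symlinked dirs
        for name in files:
            path = os.path.join(root, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks so nothing outside the bundle is hashed
            rel = os.path.relpath(path, bundle)
            rows.append((rel, sha256_file(path), is_macho(path)))
    return sorted(rows, key=lambda r: (not r[2], r[0]))

def build_sample_bundle(parent):
    """Constructed stand-in for an .app bundle (not a real application)."""
    bundle = os.path.join(parent, "Sample.app")
    macos = os.path.join(bundle, "Contents", "MacOS")
    os.makedirs(macos)
    with open(os.path.join(macos, "Sample"), "wb") as f:
        f.write(bytes.fromhex("cffaedfe") + b"\x00" * 28)  # fake 64-bit Mach-O header
    with open(os.path.join(bundle, "Contents", "Info.plist"), "wb") as f:
        f.write(b"<plist></plist>")
    return bundle

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, digest, macho in inventory_bundle(build_sample_bundle(tmp)):
            print(("MACH-O " if macho else "other  ") + digest + "  " + rel)
```

Executables sort to the top because they are the files whose digests are worth checking first.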
Thor Anti-virus by Amelia Dybala was actually removed from the Mac App Store finally after Apple figured out that this was a fake app (doesn't scan for malware properly) using fake reviews. If you Google Search "Amelia Dybala" you'll actually see this developer talk about this on their website and YouTube (trying to claim that their app is legitimate). Their YouTube directly slanders Malwarebytes as a "Scam" specifically. Looks like these two companies have it out for each other.

Apple is cracking down on fake/fraudulent developers, which is at least some sort of forward progress.

The top ranked Mac Antivirus apps I've done research on are:

1. Dr. Antivirus - 4000 Ratings
2. Antivirus VirusKiller - 7000 Ratings
3. BitMedic AntiVirus - 270 Ratings

Dr. Antivirus is by Trend Micro with 4000+ ratings. Trend Micro is reputable and publicly traded company. Being a legitimate company would make getting 4000 ratings realistic. Nothing else much to say here really.

Antivirus VirusKiller is OPSWAT Bronze Certified. Which honestly means nothing. Seems like all of these new Antivirus apps are touting "OPSWAT Certified". Let me explain what this certification means. At the Bronze level, your app just needs to be "compatible"...meaning it installs without errors. That's it! (Google it!) Only GOLD level matters, which requires being tested by AVTEST or AV-Comparatives for how efficient and accurate the antivirus app is. They also have 7000 ratings, which is 1.5x that of Dr. Antivirus which isn't that far-fetched...BUT being a PERFECT 5 stars for all 7000 ratings is questionable when Dr. Antivirus (4.5 stars) and BitMedic Antivirus (4 stars) are both more premium products where it is very apparent that they have an entire team behind their product (and charge $20-$30 vs charging $9.99 for an antivirus app).

BitMedic Antivirus is also OPSWAT Bronze Certified...which also means NOTHING. I google searched and verified both VirusKiller and BitMedic are both indeed OPSWAT Certified. I saw other "Antivirus" apps lie about being OPSWAT Certified. BitMedic however is also tested and approved by AV-Comparatives, which requires a minimum of 99% detection rate and 0 false positives. That does matter and is a metric all GENUINE Antivirus apps use like Kaspersky, Avast, Avira, Webroot, Bitdefender, AVG, etc.
 