Antivirus BitMedic developer fake reviews

Discussion in 'Mac Apps and Mac App Store' started by 1337watchdog, Oct 12, 2016.

  1. 1337watchdog macrumors newbie


    Apr 24, 2016
    Recently I noticed that some of developers on the Mac AppStore are manipulating the review system of Apple, tricking customers to buy their app.

    More through they have written in the app description things that are not possible under Apple terms and macOS Sandbox.

    So let's get started:

    Fake Reviews
    I had monitored the app called Antivirus BitMedic since it's release. From it's last update which was on March, the app took the Top Grossing place between the places 3 to 10. What was took my attention is that on last two months the app did start to receive only 5 star positive reviews but only when 1 or 2 negative reviews were received.

    So what I am saying is that from March until August the app had almost same amount of buyers but not so much positive reviews received and suddenly some large number of positive reviews is received, but when, when 1 or 2 negative reviews are received... quite strange from my point of view.

    After I read the reviews many customers are reporting that while using the new macOS Sierra the app is crashing.
    With a fast search on the AppStore on the BitMedic page / recent reviews you will notice that the developer actually did respond to the negative reviews with positive reviews.
    I've contact Apple showing them this point of view but until now there was no action taken by them, this is the reason why I am going public.

    Description misinforming customers
    The developer is pretending that his app is doing things that are practically not possible under Apple SandBox and I will provide some info bellow.

    1. "Designed for Mac. Virus & adware database updated multiple times per day. 24/7 real-time protection!" - really? 24/7 real-time protection? What means really 24/7 real-time protection? It means that if I will download a infected dmg,pkg or any macOS executable file and run it, the BitMedic will take the file before the macOS kernel will run it, put it into a private sandbox, examine it and than pass it to the kernel, which is NO WAY possible under the Apple Sandbox.

    2. The developer is using "OPSWAT Certified Product -" telling that his app is certified. No way. Please check the web site and than search under the MacOS and see that there are NO MacOS apps certified by this entity.

    3. "#1 Fastest and most secure Real-time AntiVirus & Adware App on Mac App Store. Tested & certified." Tested and certified by who? I think that the developer is the only person who certified his apps.

    I hope Apple will proceed and review the apps firmly in order to provide good and genuine apps to the customers.
  2. neeklamy, Oct 12, 2016
    Last edited: Oct 12, 2016

    neeklamy macrumors newbie

    Jul 6, 2012
    Getting hold of anyone at Apple and trying to do anything slightly out of the norm is a pain, I know! So this isn’t worth anything, but you get a hearty “thank you” from me for your valiant efforts!

    Have you contacted OPSWAT about the developer, Pocket Bits’, continued use of their certificate in promotional materials? I’m sure OPSWAT would be interested in this misuse of their name and trademarks and might have a bit more leverage at Apple.

    Thanks for fighting the good fight!
  3. nnoble macrumors regular

    Jun 19, 2011
    Interesting post with useful pointers about what to look for. If I see a series of 5* reviews as soon as an application appears, or immediately after a new update, I click on 'other reviews by this user' to see if it's the only app they have ever reviewed. If it is, then I tend to discount the review. And if there are a series of 5* reviews from 'users' posting for the first time, then I avoid the application like the plague.
  4. 1337watchdog thread starter macrumors newbie


    Apr 24, 2016
    Yep you are perfectly right, but the thing is that many customers don't know this things and they put all their trust in the Apple AppStore team and the Software Engineers who should proper review the apps.

    It is unacceptable on your platform (AppStore) to allow apps, such this one, who is pretending to do things which are not even true.

    It is the same like you buy a car, the manufacturer tells you that it has "y" feature and when you will need that feature you will be surprised to find out that your "wonderful car" does not have it.

    I was a great Apple fan but day by day I see that the only thing Apple cares is money and more money......
  5. chscag macrumors 68000

    Feb 17, 2008
    Fort Worth, Texas
    Nothing new about that. It's been going on for years. The Mac App Store is and has been a buyer beware forum for purchasing apps. There are some real good apps there but they're in the minority compared to the review bloated apps that are predominant.
  6. olivergreen macrumors newbie


    May 16, 2017
    New York
    I've been looking into developing an Antivirus app for the Mac App Store. After doing a lot of research, there are a TON of FAKE antivirus apps manipulating the mac app store. You'll notice that new legitimate Antivirus apps have tried to break into the market like Trend Micro (publicly traded company) and Kaspersky. These guys immediately get 1 star ratings and reviews from shady looking accounts written in broken English. On the other end of the spectrum, you have Thor Antivirus by Amelia Dybala which looks like an app that completely lacks any sort of modern graphics. Screenshots that look like they were done on Fiverr and a product that seems to pose as an Antivirus app getting 2600 ratings for a paid app. These reviews are written in broken English too. Bad reviews have been marked as unhelpful to bury them behind fake positive reviews marked as helpful.

    It's easy to tell these reviews are fake by looking at the reviews/ratings from other countries. FAKE apps with FAKE reviews target mainly USA. There is a natural and real looking trend that trickles down into the international app stores and you can identify the fake apps gaming the market because they have no international reviews/ratings.

    In regards to the OPSWAT Certification. The link you gave was for "legacy" which means it's been outdated and there is a new version. All these apps like to state OPSWAT Certification and EICAR tested. EICAR is just a test virus. If it fails that, then it's obviously not even a real antivirus scanner. In regards to BitMedic, I did see them on the OPSWAT website under Pocket Bits LLC. They are both under legacy and the new updated OPSWAT certifications.
  7. olivergreen macrumors newbie


    May 16, 2017
    New York
    Another interesting note is to compare these two apps. They are the same developer, but released under 2 different developer accounts. This is another issue that Apple is not catching onto. SPAM in the Mac App Store.

    Look up:

    Thor Antivirus - Amelia Dybala
    AntiVirus BitSweeper - Adrian Borbas

    These apps are almost identical with almost identical screenshots. Both averaging almost a perfect 5 stars. Suspicious? Yes.
  8. chscag macrumors 68000

    Feb 17, 2008
    Fort Worth, Texas
    As already stated, this has been going on for quite awhile. Which is why before purchasing any app from the Mac App Store you need to do some serious research unless you know the developer and the app. Names are changed, reviews faked, updates sometimes faked to draw more customers. By the way, the iTunes App Store is beginning to get just as bad.
  9. Anderton macrumors newbie


    Sep 15, 2012
    Thor Antivirus and AntiVirus BitSweeper = The infamous Nikoff Security.

    When it comes to AntiVirus/Anti Malware applications, if you see one at the Mac App Store, you can almost certainly bet it's utter rubbish and not trustworthy. Even if i'm not really a fan* of the ”traditional” Anti Malware/Virus solutions from the more well known developers on the Mac side like Trend Micro, Kaspersky, Sophos, Bitdefender, ESET, AVG, Norton, Avira and Avast, at least they come from developers that are well known, have a support organisation, that you can contact and easily lookup business information.

    Also, the above mentioned well known developers (mostly) is also doing research using well known security researchers.
    Installing applications or solutions regarding security from a no-name developer with bold claims without doing some research (max 5 minutes of basic googling) is nothing you should do, even if it's from the Mac App Store.


    *Instead of using the ”traditional” AV software, i use a combo of different applications and recommendations/tips (listed below is my ”basic” set):


    - Malwarebytes for Mac (Free/Paid. I use the free one)

    For scanning for PUPs or other types of Malware (even the Apple Support themselves is recommending Malwarebytes in some support cases),

    - LittleSnitch (Paid).

    Firewall/Monitor tool for block/allow primarily the outgoing connections (calling home) your applications or system makes, of which many of them is unnecessary or could have privacy issues. Apps could also send usage information that you didn't know about or they could send data of a malicious nature. Can be a bit overwhelming for the casual user.

    - Objective-See apps (Free)
    (Note: some of the apps is integrated with Googles Virustotal service) from one of the most well known Mac security researchers, Patrick Wardle –,

    I use:
    • BlockBlock (warns if something is installed persistently, which most malware tries to do, and let's you choose if you want to block or allow)
    • RansomWhere? (By continually monitoring the file-system for the creation of encrypted files by suspicious processes, RansomWhere? aims to protect your personal files, generically stopping ransomware in its tracks)
    • KnockKnock ("Who's there?" See what's persistently installed on your Mac.)
    TaskExplorer (Explore all the tasks (processes) running on your Mac. Quickly see a task's signature status, loaded dylibs, open files, network connection)
    Dylib Hijack Scanner or DHS (Dylib Hijack Scanner or DHS, is a simple utility that will scan your computer for applications that are either susceptible to dylib hijacking or have been hijacked.)

    - Suspicious Package (free)

    With Suspicious Package, you can answer these questions and more. Maybe you're quite literally suspicious of a package you've downloaded. Or perhaps you're just curious about what some package does. Or maybe you want to find out after the fact exactly what files a package scattered across your computer. Whatever the reason, Suspicious Package allows you to see inside an installer package.

    If i should narrow it down more, and make it really simple, i would say that you should have Malwarebytes and BlockBlock installed to have at least some protection.


    - Guide: A practical guide to securing macOS (free, updated all the time)

    Keep up
    To keep up to date with current threats, malware or other stuff regarding security on Mac/iOS and others.

    - Twitter: Thomas Reed (Security researcher at Malwarebytes)

    - Twitter: DubiousMind (”Lead Software Security Engineer”, knows Apple OSes better than Apple sometimes)

    - Twitter: Ivn (AppSec Eng Shopify Mobile Security Engineer, Cryptography Enthusiast,  Developer)

    - Twitter: Rich Trouton (Derflounder)

    - Twitter: Patrick Wardle (Director of Research at Synack. Builder of Objective-See com)

    - Twitter: Claud Xiao (Security Researcher at Palo Alto Networks)

    - Twitter: Howard Oakley (Former MacUser writer. macOS guru)

    - Twitter: Pepijn Bruienne (MacAdmin. Co-host of the MacAdmins Podcast)

Share This Page