Amazon Echo, beware of the Alexa app that steals your data

The Setup for Amazon Alexa app is among the most downloaded apps from the App Store, but it's a fake app that steals your data

If you received an Amazon Echo for Christmas and set it up with your iPhone, beware of the app you used. As reported by the US website 9To5 Mac, the "Setup for Amazon Echo" application on the App Store and one of the most downloaded in recent weeks, is actually a fake app created solely to steal user data.

This Christmas, Amazon's voice assistant was one of the best-selling products on the e-commerce site, so much so that on Christmas night Amazon's servers went down due to the high number of requests made by users. To configure Amazon Echo you need to install the Alexa app on your Android or iOS smartphone. Unfortunately, many users downloaded the wrong app from the App Store: instead of installing the official Alexa app, they downloaded "Setup for Amazon Echo" developed by One World Software. Once the app was launched, users who tried to configure their Amazon Echo were disappointed: no response from the voice assistant. The application, in fact, does not allow to do the setup of the Echo, but only steals the device's data and the user's IP address.

Setup for Amazon Echo, the scam app on the App Store

The "Setup for Amazon Echo" app has been very successful on the App Store especially in the last month, so much so that it climbed the ranks of the most downloaded apps on Apple's online store. In the "Utility" category it was the sixth most downloaded app, thanks to the many searches made by users using the keyword "setup for Amazon Echo". The success of the Echo led users to download the wrong app to configure the voice assistant: unfortunately, instead of installing the Alexa app, many fell into the trap and downloaded the fake app "Setup for Amazon Echo".

In addition to being a useless app, it is also dangerous for users' data. When you launch it for the first time, it asks the user for permissions to get the Amazon Echo ID number and IP address. This is confidential information that cyber criminals could use to remotely take control of the Amazon Echo and spy on users. But that's not all: Amazon devices could become part of a botnet and initiate DDoS attacks.

How to defend yourself

If you are an Amazon Echo owner, check which app you have downloaded from the App Store to configure the device. In case you have also fallen into the trap, immediately uninstall the "Setup for Amazon Echo" app and perform a new setup from scratch by downloading the only original Alexa app from the App Store.

After user reports, Apple took action and removed the fake app from its store. The dangers, however, are not over: other companies might release fake apps for Amazon Echo setup. Be careful.