Apple’s TestFlight Used to Distribute Malicious Crypto Apps to iOS Users: Report

app store revenue billings 2019

Apple has touted that iOS and iPadOS are more secure platforms than Android several times in the past. It is primarily due to the fact the Cupertino giant has always discouraged sideloading of apps (though it can be easily done) to prevent users from downloading malicious apps on their devices. However, scammers have now found a way to spread malicious apps to iOS users that can put their privacy at risk. Let’s take a look at the details below.

Apple TestFlight Can Spread Malicious Apps on iOS

Apple, as you might know, distributes pre-production apps and games for beta testing by directly inviting users via links for people to test via the TestFlight app. TestFlight can be used by developers to invite up to 10,000 users to beta test an app or a game. Now, a recent report from security firm Sophos suggests scammers are using the same app to distribute their malicious apps to iPhone and iPad users, and it is through Apple’s beta testing platform TestFlight.

With this, cybercriminals are stealing money from users without even their knowledge. This is because these fake malicious apps are very well able to disguise as real ones and thus, people trust them while transacting.

As the apps and games that are distributed through TestFlight do not go through Apple’s App Store review process, an organized crime campaign dubbed “CryptoRom” took advantage of this loophole and is distributing fake and malicious cryptocurrency apps to iOS and iPadOS users.

“Some of the victims who contacted us reported that they had been instructed to install what appeared to be BTCBOX, an app for a Japanese cryptocurrency exchange,” reads the in-depth report by one of Sophos’ malware analysts, Jagadeesh Chandraiah.

Furthermore, the CryptoRom scammers are also distributing malicious applications disguised as legit web apps or WebClips that users can pin to their home screens on their iPhones and iPads. And as these are not being distributed through Apple’s trusted App Store, they bypass the App Store review process, much like the TestFlight apps and games. CryptoRom also affects Android users.

Apple has not yet addressed this issue officially, though it warns users to avoid downloading untrusted apps from unknown sources. The company also has a dedicated support page for users to learn more about phishing attacks and other scams that you can check out right here. So, if you beta test applications and games through TestFlight on your iPhone or iPad, we’d suggest you stay away from any kind of sketchy crypto or any other app to avoid privacy risks.

VIA 9to5Mac
comment Comments 0
Leave a Reply