SCAM has discovered a clever new way to install crafty apps onto people’s iPhones to steal their cash.
According to cybersecurity enthusiasts, attackers are trying to bypass Apple’s protections to distribute fake crypto apps to iOS users.
Once installed on a device, the malware washes out people’s crypto wallets without their knowledge.
It’s part of an organized crime campaign called “CryptoRom”, researchers at British outfit Sophos reported on Wednesday.
“This style of phishing is a well-organized, well-organized phishing operation,” the team wrote in a blog post.
“It uses a combination of often romance-centric social engineering and fraudulent financial apps and websites to trap victims and steal their savings after gaining trust. their.”
According to Sophos, the trick takes advantage of a loophole in Apple’s TestFlight, a tool created to help developers distribute their beta apps to users before they’re released to everyone on the App Store. .
By installing the TestFlight iOS app, iPhone and iPad owners can try out early versions of the app before anyone else.
However, this service – used by tens of thousands of people globally – comes with a hitch.
Apple’s app store is covered by all sorts of safeguards that prevent scammers from listing their malicious apps there.
However, those same protections are not applied to TestFlight, leaving beta testers exposed to scammers.
According to Sophos, cybercriminals are currently exploiting this security oversight by creating malicious crypto apps, counterfeiting, and distributing them via TestFlight.
Developers can invite up to 10,000 testers to install dodgy apps, and any iOS user who has TestFlight installed can download them.
Apps act as legitimate crypto wallets or exchanges – but people Bitcoin and other currencies are simply stolen by scammers.
“Several victims who contacted us reported that they were instructed to install what appeared to be BTCBOX, an app for Japanese cryptocurrency exchanges,” Sophos wrote.
“We also found websites that faked crypto mining company BitFury selling fake apps through TestFlight.
“This threat is still very active and continues to impact victims around the world, in some cases costing their lives.”
Android users are also being targeted by malware, the researchers added.
Apple has previously advised TestFlight users not to download and install software from unknown sources.
The company has a webpage with tips on how to avoid scams.
Apple declined a request for comment.
- Read all the latest Phones & Gadgets news
- Stay up to date with Apple stories
- Get the latest on Facebook, WhatsApp and Instagram
Best tips and hacks for phones and gadgets
Looking for tips and tricks for your phone? Want to find those secret features in social networking apps? We have you covered…
We pay for your stories! Do you have a story for The Sun Online Science & Technology team? Email us at email@example.com
https://www.thesun.ie/tech/8520427/warning-iphone-fans-scammers-installing-phoney-apps-ios/ Warning to iPhone fans after scammers caught installing phoney apps on iOS devices