December 4, 2022



Scammers have 2 clever new ways to install malicious apps on iOS devices


Stylish image of person looking at tablet computer.

Scammers pushing iOS malware are stepping up their game by abusing two legitimate Apple features to bypass the App Store’s vetting requirements and trick people into installing malicious apps.

Apple has long required that apps pass a security review and be admitted to the App Store before they can be installed on iPhones and iPads. Vetting prevents malicious apps from making their way onto devices, where they can steal cryptocurrency and passwords or carry out other nefarious activities.

A post published on Wednesday by security firm Sophos highlighted two new methods that an organized crime campaign it calls CryptoROM is using to push fake cryptocurrency apps onto unsuspecting iOS and Android users. While Android allows “sideloading” apps from third-party markets, Apple requires iOS apps to come from the App Store after they have passed a thorough security review.

Cheap and easy

Enter TestFlight, a platform Apple provides for beta testing of new apps. By installing Apple’s TestFlight app from the App Store, any iOS user can download and install apps that have not yet passed the App Store review process. Once TestFlight is installed, the user can download untested apps through scam sites or links attackers send in emails. Developers can use TestFlight to invite 10,000 testers by email address or by sharing a public link.

“Some of the victims who contacted us reported that they were instructed to install BTCBOX, an app for the Japanese cryptocurrency exchange,” wrote Jagdish Chandraiah, a malware analyst at security firm Sophos. “We also found fake sites that posed as cryptocurrency mining firm BitFury and distributed fake apps via TestFlight. We continue to look for other CryptoROM apps using the same approach.”

Wednesday’s post featured multiple images used in the CryptoROM campaign. iOS users who took the bait received a link that, when clicked, caused the TestFlight app to download and install the fake cryptocurrency app.


Chandraiah said the TestFlight vector offers attackers advantages not available with two better-known App Store bypass techniques that also abuse legitimate Apple features. One is Apple’s SuperSignature platform, which lets people use their Apple Developer account to deliver apps on a limited, ad hoc basis. The other is the company’s Developer Enterprise Program, which lets large organizations deploy proprietary apps for internal use without employees going through the App Store. Both methods require scammers to pay money and to overcome other obstacles.

In contrast, Chandraiah said, TestFlight:

It is cheaper to use than other plans, as you only need an IPA file with a compiled app. Distribution is handled by someone else, and when (or if) malware is spotted and flagged, the malware developer can simply move on to the next service and start again. In some cases [TestFlight] is preferred by malicious app developers over SuperSignature or EnterpriseSignature because it’s a bit cheaper and looks more legitimate when distributed with the Apple TestFlight app. The review process is also considered to be less rigorous than App Store reviews.

That’s not all

The post says CryptoROM scammers are also using another Apple feature to disguise their activities. That feature, known as web clips, adds a link to a webpage directly to an iPhone home screen as an icon that can be confused with a benign app. The web clip appears after the user has saved the web link.

A Sophos researcher said CryptoROM may be using web clips to dress up malicious URLs that deliver fake apps. One such icon shown in the post is for an app called Robinhands, which is designed to mimic the legitimate Robinhood trading app.


CryptoROM scammers rely heavily on social engineering. They employ a variety of tactics to build a relationship with the target, even though they never meet face-to-face. Social networks, dating sites and dating apps are among the channels they use. In other cases, scammers “initiate relationships through seemingly random WhatsApp messages offering recipients investment and trading tips.”

Misuse of TestFlight and web clips can be spotted by knowledgeable Internet users, but less experienced people can be fooled. iOS users should be wary of any site, email, or message instructing them to download an app from a source other than the official App Store. An Apple representative said this support page shows how to avoid and report scams, and Apple has additional guidance here and here.
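The warning signs the article lists (a TestFlight invite link, instructions to add a web clip to the home screen, and a lookalike of a real trading app such as “Robinhands”) can be turned into a simple message filter. The following is an added example, written for this page rather than code from the article or from Sophos: it scans one email or chat message and reports which of those delivery signals it contains. The TestFlight public-link format (`testflight.apple.com/join/...`) and the `.mobileconfig` profile extension are Apple’s own conventions; the sideload phrase list, the brand-to-domain table, the similarity threshold and the two sample messages are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Added example (not from the article or Sophos). Scans one message for the
# delivery tricks the article describes: TestFlight public invite links,
# configuration-profile (web clip) downloads, sideload instructions, and
# lookalike hosts for brands the campaign impersonated.
TESTFLIGHT_INVITE = re.compile(r"https?://testflight\.apple\.com/join/[A-Za-z0-9]+", re.I)
PROFILE_DOWNLOAD = re.compile(r"https?://[^\s\"'<>]+\.mobileconfig\b", re.I)
URL_HOST = re.compile(r"https?://([^\s/\"'<>]+)", re.I)

# Assumed phrases that accompany out-of-store installs (illustrative list).
SIDELOAD_PHRASES = (
    "install testflight",
    "open in testflight",
    "add to home screen",
    "install the profile",
)

# Brands named in the article; the legitimate domains are assumed for comparison.
BRAND_DOMAINS = {
    "robinhood": "robinhood.com",
    "btcbox": "btcbox.co.jp",
    "bitfury": "bitfury.com",
}
LOOKALIKE_THRESHOLD = 0.7  # assumed cut-off; "robinhands" vs "robinhood" scores ~0.74


def is_legit_host(host: str, domain: str) -> bool:
    """True when host is the assumed legitimate domain or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def lookalike_brands(host: str) -> list:
    """Brands that a non-legitimate host's DNS labels resemble (e.g. robinhands)."""
    hits = []
    for brand, domain in BRAND_DOMAINS.items():
        if is_legit_host(host, domain):
            continue
        for label in host.split("."):
            if SequenceMatcher(None, label, brand).ratio() >= LOOKALIKE_THRESHOLD:
                hits.append(brand)
                break
    return hits


def assess_message(text: str) -> dict:
    """Collect the article's delivery signals found in one message."""
    findings = []
    lower = text.lower()
    if TESTFLIGHT_INVITE.search(text):
        findings.append("testflight_public_invite")
    if PROFILE_DOWNLOAD.search(text):
        findings.append("configuration_profile_download")
    for phrase in SIDELOAD_PHRASES:
        if phrase in lower:
            findings.append("sideload_instruction:" + phrase)
    # Strip any port before comparing hosts.
    hosts = {h.lower().split(":")[0] for h in URL_HOST.findall(text)}
    for host in sorted(hosts):
        for brand in lookalike_brands(host):
            findings.append(f"lookalike_host:{host}->{brand}")
    # Two independent signals together are treated as suspicious.
    return {"findings": sorted(findings), "suspicious": len(findings) >= 2}


# Constructed sample messages (not real campaign artifacts).
SCAM_MESSAGE = (
    "Hi! To join our VIP trading group, install TestFlight and then open "
    "https://testflight.apple.com/join/ABCDEFGH to get the app. "
    "Or add to home screen from https://robinhands.example/app"
)
BENIGN_MESSAGE = "Your statement is ready at https://robinhood.com/account"

if __name__ == "__main__":
    for msg in (SCAM_MESSAGE, BENIGN_MESSAGE):
        print(assess_message(msg))
```

The lookalike check deliberately compares each DNS label against the brand name rather than the whole host, so a brand name parked under an unrelated domain (a subdomain impersonation) scores as high as a misspelling does; the legitimate domain and its subdomains are exempted first so real notifications are not flagged.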
