Apple’s TestFlight Used to Distribute Malicious Crypto Apps to iOS Users: Report

Apple has touted several times in the past that iOS and iPadOS are more secure platforms than Android. This is primarily because the Cupertino giant has always discouraged sideloading of apps (though it can be easily done) to prevent users from downloading malicious apps on their devices. However, scammers have now found a way to spread malicious apps to iOS users that can put their privacy at risk. Let’s take a look at the details below.

Apple TestFlight Can Spread Malicious Apps on iOS

Apple, as you might know, distributes pre-production apps and games for beta testing by inviting users directly via links; the invited users then test the builds through the TestFlight app. Developers can use TestFlight to invite up to 10,000 users to beta test an app or a game. Now, a recent report from security firm Sophos suggests scammers are using this same beta testing platform to distribute their malicious apps to iPhone and iPad users.

With this, cybercriminals are stealing money from users without their knowledge. The fake apps disguise themselves convincingly as real ones, so people trust them while transacting.

As the apps and games that are distributed through TestFlight do not go through Apple’s App Store review process, an organized crime campaign dubbed “CryptoRom” took advantage of this loophole and is distributing fake and malicious cryptocurrency apps to iOS and iPadOS users.

“Some of the victims who contacted us reported that they had been instructed to install what appeared to be BTCBOX, an app for a Japanese cryptocurrency exchange,” reads the in-depth report by one of Sophos’ malware analysts, Jagadeesh Chandraiah.

Furthermore, the CryptoRom scammers are also distributing malicious applications disguised as legit web apps or WebClips that users can pin to the home screens of their iPhones and iPads. As these are not distributed through Apple’s trusted App Store, they bypass the App Store review process, much like the TestFlight apps and games. CryptoRom also affects Android users.

Apple has not yet addressed this issue officially, though it warns users to avoid downloading untrusted apps from unknown sources. The company also has a dedicated support page for users to learn more about phishing attacks and other scams. So, if you beta test applications and games through TestFlight on your iPhone or iPad, we’d suggest you stay away from any kind of sketchy crypto app, or any other sketchy app, to avoid privacy risks.

Dwaipayan Sengupta

A geek at heart, you’ll find me fidgeting with an iOS device or sitting in front of the laptop, scouring the internet to find interesting technological innovations. In my free time, you’d find me playing Valorant or listening to Pink Floyd.
