A new report described two new methods scammers use to distribute malicious apps to iPhones. These schemes take advantage of TestFlight and WebClips to bypass vetting requirements for new software submitted to the App Store.
Using TestFlight to Bypass Security Checks and Distribute Malicious Apps
Security firm Sophos published a report describing how scammers have been using TestFlight. The testing platform is instrumental to CryptoRom, an organized crime campaign. This style of cyber fraud pushes fake cryptocurrency apps to iOS users. Software developers use TestFlight to beta test new apps, and users who have TestFlight on their iOS devices can download beta software by invitation. The problem is that these apps have not yet gone through the vetting requirements and security checks now common to the App Store. The scammers take advantage of TestFlight's lax security requirements, promoting their malicious apps on scam sites and in emails.
According to the report, victims described being instructed to install an app that appeared to belong to the Japanese cryptocurrency exchange BTCBOX. Sophos also discovered fake sites posing as BitFury, a cryptocurrency mining firm.
Abusing WebClips to Bypass the App Store Vetting Process
Aside from TestFlight, scammers have also been installing malicious apps on iPhones through iOS WebClips. These are mobile device management payloads that add a link to a web page directly to the iOS device's Home Screen. The scammers make these shortcuts look, to unsuspecting users, like typical legitimate apps.
When the firm investigated the suspicious links being served through WebClips, it found related IP addresses hosting pages that mimicked the App Store so that users would not suspect the deception. The fake pages used convincing templates, including brand names and icons, to pass as legitimate App Store pages.
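To show the WebClip technique from the defender's side, here is an added example (not code from the Sophos report) that parses an unsigned .mobileconfig profile and flags web clips that dress a web page up as a native app. The sample profile, the scam.example host and the brand list are constructed for this example; the payload type and keys are Apple's documented WebClip payload keys.

```python
# Triage an unsigned iOS configuration profile (.mobileconfig) for WebClip payloads
# that present a web link as a native app. Added example, not from the Sophos report.
import plistlib
from urllib.parse import urlparse

WEBCLIP_TYPE = "com.apple.webClip.managed"   # Apple's WebClip payload type
# Brand names a shortcut might impersonate; constructed list for this example.
BRANDS = ("btcbox", "bitfury", "app store")

# Constructed sample profile: one web clip labelled as an exchange app but pointing
# at an unrelated host, displayed full screen and not removable by the user.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.profile</string>
  <key>PayloadUUID</key><string>11111111-2222-3333-4444-555555555555</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.webClip.managed</string>
    <key>PayloadIdentifier</key><string>com.example.profile.clip</string>
    <key>Label</key><string>BTCBOX</string>
    <key>URL</key><string>https://scam.example/trade/</string>
    <key>FullScreen</key><true/>
    <key>IsRemovable</key><false/>
  </dict></array>
</dict></plist>
"""

def web_clips(profile_bytes):
    """Return every WebClip payload in an unsigned profile (signed ones are CMS-wrapped)."""
    profile = plistlib.loads(profile_bytes)
    return [p for p in profile.get("PayloadContent", [])
            if p.get("PayloadType") == WEBCLIP_TYPE]

def triage_clip(clip):
    """Return human-readable reasons this web clip looks like a disguised app."""
    reasons = []
    label = clip.get("Label", "")
    host = (urlparse(clip.get("URL", "")).hostname or "").lower()
    if clip.get("FullScreen"):
        reasons.append("FullScreen hides browser chrome, so the page passes for a native app")
    if clip.get("IsRemovable") is False:
        reasons.append("IsRemovable=false: icon cannot be deleted without removing the profile")
    brand = next((b for b in BRANDS if b in label.lower()), None)
    if brand and brand.replace(" ", "") not in host:
        reasons.append(f"label '{label}' names {brand} but the URL host is {host}")
    return reasons

def triage_profile(profile_bytes):
    """Map each clip's label to its findings; an empty list means nothing flagged."""
    return {c.get("Label", "?"): triage_clip(c) for c in web_clips(profile_bytes)}
```

Signed profiles must be unwrapped (for example with openssl smime) before plistlib can read them; a profile that is unsigned at all is itself a warning sign on a managed device.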
Avoiding Cyber Fraud
The report concludes by emphasizing that CryptoRom scams continue to flourish due to a combination of social engineering, cryptocurrency, and fake applications. Scammers have also become more organized and skilled in identifying and exploiting users. Sophos recommends a collaborative response to fight this type of cyber fraud. It suggests that Apple should warn users that side-loaded apps are not from official sources.
As users, we should always remain cautious when downloading apps from sources other than the App Store or following links in emails, ads, or untrusted websites.