The organized crime campaign CryptoRom distributed fake cryptocurrency apps to iOS users. Because the campaign found a way to bypass the platform's security measures, almost any user of an Apple smartphone or tablet can become a victim of the cybercriminals.
This was possible thanks to Apple TestFlight, a tool created to help developers distribute their beta applications to users before they are released to the general public in the App Store. Fraudsters began using the platform to spread malicious apps without Apple's knowledge.
With TestFlight, developers can invite up to 10,000 testers to install betas that have not passed through the App Store, because the platform is designed for testing software before release. As a result, Apple had no idea that criminals were distributing malicious applications as beta versions, and any iOS user with TestFlight installed could download a dangerous application. Installation is quite simple, as the developer can create a shared download link instead of inviting each user by email.
“Some of the victims reported that they were prompted to install what looked like BTCBOX, an application for a Japanese cryptocurrency exchange. We also found fake websites posing as BitFury, a cryptocurrency mining company, trading fake apps through TestFlight. We continue to look for other applications from CryptoRom that use the same approach,” wrote Jagadish Chandraya, an analyst in the anti-malware department at Sophos.
Because any change to how TestFlight is used would affect developers, Apple emphasizes that users can avoid being scammed by not downloading or installing any software from unknown authors.