Criminals Abusing Apple’s TestFlight to Distribute Malicious Apps
Malware app creators have discovered two new methods to sneak their scams inside Apple’s walled garden of iPhone and iPad.
According to a new blog post by security research firm Sophos (via Ars Technica), iPhone and Android users are falling prey to new and even more extortionate tactics by romance and cryptocurrency scam artists.
In 2021, Sophos revealed “CryptoRom,” an international criminal ring conducting romance scams across Asia, the US, and Europe. At the time, Sophos said that CryptoRom primarily targeted Bumble and Tinder users, luring them into downloading fake cryptocurrency trading apps by abusing Apple’s Enterprise Signature platform.
Now, Sophos has revealed that CryptoRom scammers are now using Apple’s TestFlight software pre-release testing system to distribute malicious apps to vulnerable iPhone users.
The report claims that some scammers are taking advantage of this to create fake websites that pose as legitimate companies, and then push their app onto Test Flight where unsuspecting users download them.
Another method involves WebClips, which allows users to add a website to their home screen so that they can access it quicker. These scammers even create logos for these websites to mimic those used by legitimate apps so that users who don’t pay close attention will launch it instead, where they might end up entering their login credentials which can then be stolen.
Both of these methods can be easily detected by those who might be more tech-savvy, but if you’re unsure, then the best thing to do is make sure all your downloads come directly from Apple’s own iOS App Store.