Apple has advertised iOS and iPadOS as more secure platforms than Android several times in the past. This is mainly because the Cupertino giant does not always recommend sideloading apps (although it’s easy to do), in order to prevent users from downloading malicious apps to their devices. However, scammers have found a way to spread malicious apps that can jeopardize users’ privacy to iOS devices. Let’s take a look at the details below.
Apple TestFlight can spread malicious apps on iOS
As you may know, Apple distributes prototype apps and games for beta testing through the TestFlight app, where users are invited directly via a link. Developers can use TestFlight to invite up to 10,000 users to beta test their app or game. A recent report from the security company Sophos suggests that scammers are using the same app, Apple’s beta testing platform TestFlight, to distribute malicious apps to iPhone and iPad users.
This allows cybercriminals to steal money from users without their knowledge. These fake malicious apps are very likely to disguise themselves as real apps, so people trust them during transactions.
Because apps and games distributed via TestFlight do not go through Apple’s App Store review process, an organized crime campaign called “CryptoRom” is taking advantage of this loophole to distribute fake malicious cryptocurrency apps to iOS and iPadOS users.
“Some of the victims who contacted us reported that they were instructed to install what looks like BTCBOX, an app for Japanese cryptocurrency exchanges,” reads a detailed report by Jagadeesh Chandraiah, one of the Sophos malware analysts.
In addition, the CryptoRom scammers also distribute legitimate web apps or malicious applications disguised as Web Clips, which users can pin to the home screen on their iPhone and iPad. Because these aren’t distributed through Apple’s trusted App Store, they bypass the App Store review process, just like TestFlight apps and games. CryptoRom also affects Android users.
Apple hasn’t officially addressed this issue yet, but it warns users not to download untrusted apps from unknown sources. The company also has a dedicated support page where users can learn more about phishing attacks and other scams. Therefore, if you use TestFlight on your iPhone or iPad to beta test applications or games, we recommend that you avoid sketchy cryptocurrency and other apps to avoid privacy risks.