Malware: How this software is used to target Apple users with malware


NEW DELHI: Apple's TestFlight pre-release software testing system is being used by CryptoRom scammers to send malicious applications to iPhone users, according to a Sophos report. The scam first came to light last year, with CryptoRom attacks being used to steal around $1.4 million from Apple users. The scammers then used a combination of social media platforms, dating apps, Apple’s Enterprise Developer program and cryptocurrency to target people. According to the report, the scam has now evolved and abuses Apple’s TestFlight platform, which allows users to test a beta version of an app before it hits the App Store.
Since beta apps for testing purposes are not subject to any strict monitoring – they are not screened for the App Store – this gives scammers a chance to send malware directly onto the victim’s device via beta versions of the application. According to the report, victims are instructed to install TestFlight and click on a link, which then installs the malicious app on their device. The average Apple user thinks the platform they use is one of the most secure in the world, oblivious to the possibility that a beta version of an app for the App Store could pose a threat.
“Apple supports the use of TestFlight application distribution in two ways: for smaller internal application testing submitted by up to 100 users via email invitation, and for larger public beta testing supporting up to 10,000 users. The smaller email distribution approach requires no App Store security review, while TestFlight apps shared through public web links require an initial release review of code by the App Store,” the report said.
According to the report, victims of the scam were redirected to fake versions of various cryptocurrency sites. He added that a legitimate cryptocurrency exchange will not require a user to install TestFlight to use its app. If someone asks a user to install it, or if a website does, it is a sign of fraudulent behavior. The report also advises users against installing device management profiles unless specifically required by their workplace or college.

