Security News > 2023 > August > Threat actors use beta apps to bypass mobile app store security
The FBI is warning of a new tactic used by cybercriminals where they promote malicious "Beta" versions of cryptocurrency investment apps on popular mobile app stores that are then used to steal crypto.
The threat actors submit the malicious apps to the mobile app stores as "Betas," meaning that they are in an early development phase and are meant to be used by tech enthusiasts or fans to test and submit feedback to developers before the software is officially released.
Sophos first documented this problem in March 2022 in a report that warned about scammers abusing Apple's TestFlight system, a platform created to help developers distribute beta apps for testing in iOS. A more recent Sophos report explores a malicious app campaign called 'CryptoRom', which masquerades as cryptocurrency investment scam apps.
These apps are promoted through the Apple TestFlight system, which the threat actors continue to abuse for malware distribution.
The threat actors initially upload what appears to be a legitimate app to the iOS app store for use on Test Flight.
After the app is approved, the threat actors change the URL used by the app to point to a malicious server, introducing the malicious behavior into the app.
News URL
Related news
- SASE Threat Report: 8 Key Findings for Enterprise Security (source)
- Third-party vendors pose serious cybersecurity threat to national security (source)
- Security and privacy strategies for CISOs in a mobile-first world (source)
- SELKS: Open-source Suricata IDS/IPS, network security monitoring, threat hunting (source)
- Snowblind malware abuses Android security feature to bypass security (source)
- Discover the growing threats to data security (source)
- Cloud security threats CISOs need to know about (source)