Threat actors use beta apps to bypass mobile app store security
The FBI is warning of a new tactic used by cybercriminals where they promote malicious "Beta" versions of cryptocurrency investment apps on popular mobile app stores that are then used to steal crypto.
The threat actors submit the malicious apps to the mobile app stores as "Betas," meaning that they are in an early development phase and are meant to be used by tech enthusiasts or fans to test and submit feedback to developers before the software is officially released.
Sophos first documented this problem in March 2022 in a report that warned about scammers abusing Apple's TestFlight system, a platform created to help developers distribute beta apps for testing on iOS. A more recent Sophos report explores a malicious app campaign called 'CryptoRom', in which scam apps masquerade as cryptocurrency investment apps.
These apps are promoted through the Apple TestFlight system, which the threat actors continue to abuse for malware distribution.
The threat actors initially upload what appears to be a legitimate app to the iOS app store for use on TestFlight.
After the app is approved, the threat actors change the URL used by the app to point to a malicious server, introducing the malicious behavior into the app.