Threat actors use beta apps to bypass mobile app store security (Security News, August 2023)
The FBI is warning of a new tactic used by cybercriminals where they promote malicious "Beta" versions of cryptocurrency investment apps on popular mobile app stores that are then used to steal crypto.
The threat actors submit the malicious apps to the mobile app stores as "Betas," meaning that they are in an early development phase and are meant to be used by tech enthusiasts or fans to test and submit feedback to developers before the software is officially released.
Sophos first documented this problem in March 2022 in a report that warned about scammers abusing Apple's TestFlight system, a platform created to help developers distribute beta apps for testing in iOS. A more recent Sophos report explores a malicious app campaign called 'CryptoRom', in which scam apps masquerade as cryptocurrency investment apps.
These apps are promoted through the Apple TestFlight system, which the threat actors continue to abuse for malware distribution.
The threat actors initially upload what appears to be a legitimate app to the iOS app store for use on TestFlight.
After the app is approved, the threat actors change the URL used by the app to point to a malicious server, introducing the malicious behavior into the app.