The FBI has released a public service announcement revealing the growing popularity of a technique that aims to trick us into installing malware on our smartphones: disguising malware as an app still in beta.
The FBI released a message informing us that “ cybercriminals implement malicious code in mobile apps of beta testing (apps) in order to defraud potential victims”. The TestFlight service on iOS, which allows advanced users to test applications whose public version has not been officially released, is particularly targeted by this announcement, Google saying that the security checks of theAndroid Beta Program are impossible to circumvent.
THE applications launched through Testflight are not yet deployable, and are therefore apparently not not subject to regular Apple Store security checks. This is the flaw that hackers exploit, after a lot of social engineering work. Because before hacking devices, you must first lure victims. It is on social networks and on dating applications that everything is played out.
Hackers install malware in crypto apps through beta
As the conversations progress, cybercriminals convince their victims to invest in cryptocurrency through a crypto investment app still in beta. This implies that the experience will not necessarily be smooth, that many features will be missing, and that there will certainly be bugs. But no matter, the app is available on the Apple Store. A priori, there is therefore nothing to fear… In reality, hackers can modify the code of an iOS app in beta stealthily, allowing them to download and install malware on the targeted iPhone.
The supposedly legit app asks user-testers to enter their personal details and deposit money for their investments. They will obviously never see the color again, and on top of that, hackers now hold personal data which will allow them to usurp the identity of their victims and empty their bank accounts. According to the FBI, you may have installed spyware on your iPhone if its battery drains abnormally quickly, if it slows down significantly when processing a request, or if pop-up ads appear too frequently.