Apple’s TestFlight pre-release testing system is being abused by CryptoRom scammers to push malicious apps to iPhone users, according to a report by Sophos. The scam first came to light last year, when CryptoRom attacks were used to steal about $1.4 million from Apple users. At that time the scammers relied on a combination of social media platforms, dating apps, Apple’s Enterprise Developer program and cryptocurrency to target people. According to the report, the scam has now evolved and is abusing Apple’s TestFlight platform, which allows users to test a beta version of an app before it reaches the App Store.
Because beta builds distributed for testing are not screened as strictly as App Store submissions, fraudsters can deliver a malicious app directly to the victim’s device as a beta version. According to the report, victims are instructed to install TestFlight and then click a link that installs the malicious app on their device. The average Apple user assumes the platform they are using is one of the most secure in the world and does not consider that a beta version of an app ostensibly headed for the App Store could carry a threat.
“Apple supports use of TestFlight app distribution in two ways: for smaller internal application tests sent out to up to 100 users by email invitation, and larger public beta tests supporting up to 10,000 users. The smaller email-based distribution approach requires no App Store security review, while TestFlight apps shared by public web links require an initial review of code builds by the App Store”, said the report.
According to the report, victims of the scam were redirected to bogus versions of various cryptocurrency sites. It adds that a legitimate cryptocurrency exchange will not ask a user to install TestFlight to use its app; if a person or a website does ask, that is a sign of fraud. The report also advises users against installing Device Management Profiles unless their employer or educational institution specifically requires them.
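The advice above boils down to one rule: an exchange that pushes you toward any install path other than the App Store is a red flag. The script below turns that rule into a simple triage check that can be run over chat or email text. It is an added example written for this page, not code from Sophos or from the report; the message samples are constructed, and the URL shapes it looks for (TestFlight public join links, `itms-services://` enterprise manifests used by Enterprise Developer distribution, and `.mobileconfig` device management profiles) are Apple’s public formats, not anything specific to CryptoRom.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Indicators that a message is steering a recipient toward a sideloading
# path instead of the App Store. The patterns cover Apple's public URL
# shapes; the exact link in a real lure will differ, so match the shape,
# not a specific code or host.
INDICATORS = {
    # Public TestFlight invitation links (external beta distribution)
    "testflight_link": re.compile(r"https?://testflight\.apple\.com/join/[A-Za-z0-9]+", re.I),
    # Any mention of TestFlight at all: an exchange has no reason to ask for it
    "testflight_mention": re.compile(r"\btest\s*flight\b", re.I),
    # Enterprise (in-house) distribution manifest, bypasses the App Store entirely
    "enterprise_manifest": re.compile(r"itms-services://\?action=download-manifest", re.I),
    # Device management profile, which the report advises against installing
    "config_profile": re.compile(r"https?://\S+\.mobileconfig\b", re.I),
}

URL_RE = re.compile(r"(?:https?|itms-services)://\S+", re.I)


@dataclass
class Verdict:
    suspicious: bool
    hits: list[str] = field(default_factory=list)
    urls: list[str] = field(default_factory=list)


def triage_message(text: str) -> Verdict:
    """Flag a message that asks the reader to install via TestFlight,
    an enterprise manifest, or a configuration profile."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
    urls = URL_RE.findall(text)
    # One indicator is enough: none of these install paths is normal for a
    # consumer-facing exchange app.
    return Verdict(suspicious=bool(hits), hits=hits, urls=urls)


# Constructed sample messages (hypothetical, not taken from any real lure).
SAMPLE_MESSAGES = [
    "Hi! First install TestFlight from the App Store, then tap "
    "https://testflight.apple.com/join/AbC123xy to get our exchange app.",
    "Your order has shipped. Track it at https://example.com/track/123",
    "Open itms-services://?action=download-manifest&url=https://example.com/app.plist "
    "on your iPhone to install the trading app.",
    "For account security please trust our profile: https://example.com/wallet.mobileconfig",
]


def triage_all(messages: list[str]) -> list[Verdict]:
    return [triage_message(m) for m in messages]


if __name__ == "__main__":
    for msg, verdict in zip(SAMPLE_MESSAGES, triage_all(SAMPLE_MESSAGES)):
        label = "SUSPICIOUS" if verdict.suspicious else "ok"
        print(f"[{label}] hits={verdict.hits} urls={verdict.urls}")
        print(f"         {msg[:70]}...")
```

The check is deliberately crude: it is a screening step for a help desk or an abuse mailbox, not proof of fraud. A false positive (a genuine developer inviting a genuine tester) costs a short conversation; a false negative costs someone their savings, so the thresholds err toward flagging.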