Connect with us

Technology

Warning for iPhone fans after scammers caught installing phoney apps on iOS devices

SCAMMERS have discovered a clever new way to install dodgy apps onto people’s iPhones that steal their cash.

According to cyber security buffs, attackers are managing to get around Apple’s protections to distribute fake cryptocurrency apps to iOS users.

GettyScammers have discovered a new way to install dodgy apps onto people’s iPhones[/caption]

Once it’s installed on a device, the malicious software rinses people’s crypto wallets without their knowledge.

It’s part of an organised crime campaign known as “CryptoRom”, researchers at British outfit Sophos reported on Wednesday.

“This style of cyber-fraud is a well-organised, syndicated scam operation,” the team wrote in a blog post.

“It uses a combination of often romance-centred social engineering and fraudulent financial applications and websites to ensnare victims and steal their savings after gaining their confidence.”

According to Sophos, the trick takes advantage of a loophole in Apple’s TestFlight, a tool created to help developers distribute their beta apps to users before they are released to everyone on the App Store.

By installing the TestFlight iOS app, iPhone and iPad owners can try out early versions of apps before anyone else.

Read more about the iPhone

IPHONE WARNING

Update your iPhone NOW after Apple releases urgent security fixes

DON’T MISS

Best cheap iPhone SE 3 deals – pre-orders live NOW for Apple’s budget handset

However, the service – which is used by tens of thousands of people across the globe – comes with a catch.

Apple’s App Store is guarded by all sorts of protections that stop fraudsters from listing their malicious apps there.

However, those same safeguards are not applied to TestFlight, exposing beta testers to scammers.

According to Sophos, cyber crooks are now exploiting this security oversight by creating malicious, fake cryptocurrency apps and distributing them via TestFlight.


Developers can invite up to 10,000 testers to install the dodgy apps and any iOS user with TestFlight installed can download them.

The apps pose as legitimate cryptocurrency wallets or exchanges – but people Bitcoin and other currencies is simply stolen by the scammers.

“Some of the victims who contacted us reported that they had been instructed to install what appeared to be BTCBOX, an app for a Japanese cryptocurrency exchange,” Sophos wrote.

“We also found fake sites that posed as the cryptocurrency mining firm BitFury peddling fake apps through TestFlight.

“This threat is still very active, and continues to impact victims around the world, in some cases costing them their life savings.”

Android users are also being targeted by the malware, researchers added.

Apple has previously urged TestFlight users not to download and install software from unknown sources.

The company has a webpage with tips on how to avoid scams.

Apple declined a request for comment.

Read all the latest Phones & Gadgets newsKeep up-to-date on Apple storiesGet the latest on Facebook, WhatsApp and Instagram

Best Phone and Gadget tips and hacks

Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…

How to get your deleted Instagram photos back
How to track someone on Google Maps
How can I increase my Snapchat score?
How can I change my Facebook password?
How can I do a duet on TikTok?
Here’s how to see if your Gmail has been hacked
How can I change my Amazon Alexa voice in seconds?
What is dating app Bumble?
How can I test my broadband internet speed?
Here’s how to find your Sky TV remote in SECONDS

We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at tech@the-sun.co.uk