Scammers use Apple TestFlight and Web Clips to distribute malicious apps on iPhones

A new report describes two methods scammers are using to distribute malicious apps on iPhones. Both techniques abuse TestFlight and Web Clips to bypass the review that new software submitted to the App Store must pass.

Using TestFlight to Bypass Security Controls and Distribute Malicious Applications

Security company Sophos published a report describing how scammers abuse TestFlight. The testing platform has become central to CryptoRom, a campaign run by organized crime. This style of cyber fraud pushes fake cryptocurrency apps to iOS users. Software developers use TestFlight to beta test new applications: users who have TestFlight installed on their iOS devices can download beta software by invitation. The problem is that these apps have not yet passed the review and security checks that are now standard for the App Store. Scammers take advantage of TestFlight's looser requirements, posting invitations to malicious applications on fraudulent sites or in emails.

According to the report, victims described being prompted to install an app that appeared to belong to the Japanese cryptocurrency exchange BTCBOX. Sophos also uncovered fake sites posing as BitFury, a cryptocurrency mining company.

Abuse of Web Clips to Bypass the App Store Verification Process

Apart from TestFlight, the other new method crooks use to install malicious apps on iPhones is iOS Web Clips. These are mobile device management (MDM) payloads that add a link to a web page directly to the home screen of the iOS device. Scammers dress these URLs up so that, to unsuspecting users, they look like ordinary legitimate applications.

When the company investigated suspicious links spread via Web Clips, it found that the associated IP addresses hosted pages mimicking the App Store so that users would not suspect deception. The fake pages used convincing elements, including branding and icons, to pass as legitimate App Store pages.
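As an added defensive illustration (not code from the Sophos report or from this article), the following Python parses an iOS configuration profile and flags Web Clip payloads with the traits described above: a non-HTTPS target, full-screen display that hides browser chrome, and a clip the user cannot remove. The sample profile is constructed here; the `com.apple.webClip.managed` keys are Apple's documented ones.

```python
import plistlib

# Constructed sample profile (not a real CryptoRom artifact): one managed
# Web Clip labelled like an exchange app, full screen and non-removable.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>example.profile</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.webClip.managed</string>
      <key>PayloadIdentifier</key><string>example.webclip</string>
      <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000002</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>Label</key><string>BTCBOX</string>
      <key>URL</key><string>http://example.invalid/app</string>
      <key>FullScreen</key><true/>
      <key>IsRemovable</key><false/>
    </dict>
  </array>
</dict>
</plist>
"""


def audit_web_clips(profile_bytes: bytes) -> list[dict]:
    """Return one finding per Web Clip payload, listing the risk signals it shows."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.webClip.managed":
            continue
        url = payload.get("URL", "")
        signals = []
        if not url.lower().startswith("https://"):
            signals.append("non-https-url")
        if payload.get("FullScreen"):
            signals.append("fullscreen-hides-browser-chrome")
        if payload.get("IsRemovable") is False:
            signals.append("not-removable-by-user")
        if payload.get("Icon"):
            signals.append("custom-icon-can-mimic-app")
        findings.append({"label": payload.get("Label", ""), "url": url, "signals": signals})
    return findings


if __name__ == "__main__":
    for finding in audit_web_clips(SAMPLE_PROFILE):
        print(finding)
```

Run it against any `.mobileconfig` pulled from a device or an MDM export to list the Web Clips it installs and why each one deserves a second look.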

Avoid cyber fraud

The report concludes that CryptoRom scams continue to thrive thanks to a combination of social engineering, cryptocurrency, and fake apps. Scammers have also become more organized and more skilled at identifying and exploiting users. Sophos recommends a collaborative response to this type of cyber fraud, and suggests that Apple should warn users that sideloaded apps do not come from official sources.

As users, we should always be careful when downloading apps from sources other than the App Store, or when following links in emails, advertisements, or untrustworthy websites.