When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Malware sneaking into iOS through legitimate ways Apple provides for testing unvetted apps

Neowin · with 6 comments

Malware app creators have discovered not one but two methods to sneak their scams inside Apple’s walled garden of iPhone and iPad. Scammers are utilizing “TestFlight” as well as “WebClips” to get iPhone and iPad users to install malware-laden apps which steal cryptocurrency and passwords or carry out other malicious activities with impunity.

Apple Inc. has always warned about the dangers of sideloading apps and insisted on its own vetting process. The company has long mandated all apps must pass a security review in order to be admitted to the App Store. Needless to add, if the app fails a security review, iPhones and iPads will not be able to even see these apps on the App Store, let alone install them.

The vetting process has been largely successful in preventing malicious apps from making their way onto Apple devices. There are, of course, some exceptions. Nonetheless, a post published by security firm Sophos, indicates how Apple’s app vetting process itself is being successfully bypassed by malicious apps laden with malware.

A new campaign, dubbed CryptoRom, is pushing fake cryptocurrency apps to unsuspecting iOS and Android users. As Android allows “sideloading”, users are at a far greater risk of voluntarily downloading and installing malware. However, Apple’s “thorough” security review is being sidetracked, and that’s highly concerning.

The CryptoRom group is relying heavily on TestFlight, a platform that basically allows iOS users to download and install apps that have not yet passed the vetting process. The TestFlight app is available on the App Store.

Scammers are aggressively peddling their malware-laden apps, some of which, have been disguised as cryptocurrency exchanges. However, when an iPhone or iPad user takes the bait, the scammers first push Apple’s TestFlight app. Once it is installed successfully, pushing malware-laden apps is fairly easy.

The second method is even simpler, and hence, scarier. CryptoRom scammers are using WebClips, a feature that Apple provides. WebClips basically adds a webpage link directly to an iPhone home screen. It has an icon. Needless to add, scammers can disguise the weblink to appear as a normal app from a legitimate service or platform.

CryptoRom scammers are currently peddling their wares on social networks, dating sites, and dating applications. In other words, the group is deploying social engineering tactics. As a safety precaution, it is important that iPhone and iPad users must never download apps from a source other than the official App Store.

Report a problem with article
A pipe with binary data flowing and Google logo overlay
Next Article

Google's 'Switch to Android' app for iOS could make it easier for iPhone users to migrate

Microsoft Defender Antivirus logo blue on blue background
Previous Article

Microsoft Defender goofed up as it flagged its own Office updates as malware

Join the conversation!

Login or Sign Up to read and post a comment.

6 Comments - Add comment