Scammers are exploiting Apple’s own tools to infect your iPhone with malware

It is very common for malicious applications to make their way to the Google Play market. Such scams have been reported several times in recent years, and con artists always seem to be one step ahead of Google. Despite Apple’s improvements in preventing fraudulent applications, iPhone malware is a major issue. In fact, according to a new analysis from security firm Sophos, hackers have discovered two new ways to hack into your iPhone with malware.

Last year, Sophos reported on an organized crime campaign called CryptoRom. The scam uses social engineering and fraudulent means to steal money from unsuspecting victims. According to Sophos, the CryptoRom campaign continues to spread, and the scammers are starting to find ways to use Apple’s own tools against it. Earlier, Sophos revealed that scammers were using Apple’s “Super Signature” distribution system to spread malicious applications on iOS devices. The team has now discovered that CryptoRom authors are also abusing Apple’s TestFlight functionality.

Developers often use TestFlight to distribute early versions of new applications that still need testing before launching on the App Store. TestFlight supports small, internal tests of up to 100 users and public tests of up to 10,000 users. As Sophos notes, developers distribute applications via email for small tests, which do not require App Store security reviews. Jagadeesh Chandraiah, a threat researcher at Sophos, explains:

“[TestFlight] is cheaper to use than other machines because all you need is an IPA file with compiled material. The distribution is managed by another, and when (or if) malware is detected and flagged, the malware developer may just proceed to the next task and restart. [TestFlight] is preferred by malicious application developers in some cases over Super Signature or Enterprise Signature because it is cheaper and looks more legitimate when shared with [TestFlight app].”

CryptoRom applications for iOS and Android are distributed through a fraudulent site. All iOS versions of the apps use TestFlight to install on victim devices.

Unfortunately, the scams do not end there. Threat actors are also trying to attract victims with Web Clips. As Apple explains on its website, “Web clips provide quick access to favorite websites or links.” Sophos provides an example of a malicious Web Clip:

[Image: RobinHand Web Clip on iOS. Image source: Sophos.]

“In addition to the App Store pages, all of these fake pages also have websites linked with similar templates to convince users – branding and icons, but web content a similar website,” Chandraiah wrote. “This is possible to proceed from one brand to another when blocked or found. This shows how cheap and easy it is to imitate famous brands while earning thousands of dollars from the victims.”

This is further proof that the ridiculous ads you see all over the internet are more than a facelift. As always, be very careful when downloading an application from any source other than the App Store. Scammers are always looking for new ways to deceive us.
