CryptoRom scammers are now using Apple's TestFlight software pre-release testing system to distribute malicious apps to vulnerable iPhone users.
Initially discovered in 2021, "CryptoRom" attacks used a combination of social media, dating apps, cryptocurrency, and abuse of Apple's Enterprise Developer program to steal $1.4 million from victims.
Now, the scam has evolved to utilize Apple's TestFlight platform.
TestFlight is a platform that allows app developers to send beta versions of apps to users. This enables users to test an app before making it to the App Store. The service is invaluable to developers, who can get feedback and bug reports from those who want a sneak peek at a new app.
Unfortunately, TestFlight campaigns are not subjected to the same rigorous oversight as apps published on Apple's App Store. Scammers can instruct a victim to install TestFlight and follow a simple link to load a malicious app onto their device.
TestFlight is extremely easy to use, likely making it even easier for CryptoRom scammers to successfully hit their marks.
Sophos talked to victims of the scam, who noted that they'd been directed to bogus versions of BTCBOX, a Japanese cryptocurrency exchange. Sophos also found sites that posed as cryptocurrency mining firm BitFury, hocking fake apps through TestFlight.
How to avoid CryptoRom attacks
As more and more cryptocurrency exchanges start verifying customers and ensuring that a pair of cryptocurrency exchanges have a valid connection, this attack may begin to wane. However, the lack of wide crypto regulation will always make it a vector of concern.
Users should be aware that a legitimate cryptocurrency exchange will not ask a user to install TestFlight to use their app. If approached by a scammer, or directed to a website that asks you to install TestFlight to use an exchange, realize that you are likely a mark of a scam.
Additionally, users should not install Device Management Profiles unless directed to by their place of employment or higher educational institution.
1 Comment