Scammers use TestFlight to spread malware

If iOS is well-equipped to protect its users, all sorts of villains will redouble their ingenuity while trapping the bewildered. New strategies have come up to impress most cheaters Recently discovered By Sofos, a cyber security company. Hackers operate outside the monitored area of ​​the App Store and use social engineering methods to trick users into installing fake applications.

TestFlight is an application provided by Apple that allows developers to distribute betas of their applications to testers. If it’s practical and accessible, it makes it possible to distribute apps, some versions are not verified by Apple. So hackers have found a way to misuse this system: they create a fraudulent application and distribute it through TestFlight, which is an essential step in creating public links for TestFlight, using third-party services, bypassing Apple’s verification.

For example, Sophos discovered a fake version BTCBOX, A Japanese cryptocurrency exchange application. It has come up with many applications that pose as companies in the same style. Its applications host sites look like official sites (in terms of design and URL) so distracted users need to download TestFlight and then download their infected application.

These TestFlight links offer many benefits to hackers. Downloading malware is based on a somewhat official Apple processor, which gives confidence to the most unfamiliar. They do not have to manage the distribution and it is easy to open a new account if malware is ever reported. Sophos also believes that test flight verification processes are less rigorous than the App Store.

The company detected another scam: Utility Internet clips, I.e. direct internet connections take the form of a classic app on the iOS home screen. In the case referred to by Sophos, the user browses a site before being redirected to a fake App Store page (which uses its design). By clicking the “Get” button, the clip web link will be added to its home screen. When clicked, the user will be sent to the phishing site via Safari, which will receive the official style of the copied application. We can say that the technique is complex, but can confuse the neophytes between web clips and the icons of real applications.