Fraudsters started using the application from Apple

Although experts regularly report malware found on Google Play under the guise of regular applications, it is believed that the App Store does not sin like this. However, attackers have found a way to use Apple's official program against its users. About it told research company Sophos.

The official TestFlight program is for developers who want to test early builds of their apps and get user feedback. Such apps do not pass the standard App Store security checks, which is ideal for scammers who only need to prepare an IPA file and start distributing it.

This ploy is used as part of CryptoRom, a growing criminal scheme that combines online dating and cryptocurrency. Essentially, the attacker establishes a virtual relationship with the victim (usually using the profile of an attractive girl) and convinces her invest in cryptocurrency, but gives a link to a fake wallet - which is proposed to be installed through TestFlight or another platform.

When a user replenishes such a wallet, he sees that the balance really increases, but problems begin when trying to withdraw the accumulated amount. There is a notification about the need to pay 20% of the amount in the form of tax. If the user refuses, the following notification appears - stating that tax evasion is a crime and will be reported to the relevant authorities.

Further, the attacker apologizes and offers to help pay part of the tax - but, of course, the victim will never see his money and part of the paid “tax”. Initially, this scheme originated in Asia, but then came to the United States and Europe.

TestFlight is popular with scammers because it's cheaper to distribute malware, but it still makes apps look convincing to the user. When a virus is discovered, developers can simply start over with a different application.

In addition, scammers use the Web Clips feature to advertise fake crypto wallets by copying the design of real applications. At the same time, the links lead not to the App Store, but to TestFlight (which looks no less convincing to many).

Experts advise to be careful not to take part in beta testing of unknown projects, especially if you received a link from a person with whom you do not know personally.