Apple iPhone users have a new security concern, and it is related to malware planted through iOS app by attackers. A new security report says that scammers are using Apple TestFlight tool to spread malware-ridden iOS apps that even Apple doesn’t know about.
The security report from Sophos says the issue is evident on both Android and iOS. But concerns regarding Apple are more grave because these malicious apps have found their way through the TestFlight tool to the Apple App.
Shedding more light on the matter, Sophos says the cyber crime campaign has been called ‘CryptoRom’ which involves distribution of fake cryptocurrency apps to both iOS and Android users. As you might be aware, Android apps can be installed by side-loading from third-party app store. But Apple has a more stringent check policy, this is where TestFlight has become the source of malware infiltration.
TestFlight is a tool that helps developers push beta versions of their app to over 10,000 users for testing before the public release. And it seems the attackers have found a gaping loophole in Apple’s App Store policies, where the pre-release apps are not reviewed, which means the malware has an easy entry into any iOS device that is using the TestFlight tool.
The developer sends the pre-release app through a web link to the eligible testers, so it is not even possible to decipher whether the link is secure to download, or it is also infected with the malware.
Apple is unwilling to make changes to how the TestFlight process works, which could be a hindrance to the developers. So, the company is asking its users to be careful while downloading apps or software from unknown sources, and that includes any link sent through TestFlight.
They also should be mindful of how the mail/message reads, and if it looks out of the ordinary, they should delete it right away.