Apple TestFlight is a tool used to install beta apps, designed to help developers release beta apps to users on the App Store. However, some scammers have been using the platform for scams, distributing malicious programs to its users without Apple’s knowledge.
According to security firm Sophos, they discovered that a group is known as “CryptoRom” has been distributing fake cryptocurrency apps to iOS and Android users. They use Apple’s official platform TestFlight to create and distribute malicious apps to iPhone and iPad users to achieve their goals.
Through TestFlight, developers can invite up to 10,000 testers to install their beta apps, which do not need to pass the review process of Apple’s App Store, so the platform can implement a process similar to sideloading, while The crooks took advantage of this to distribute their malware to some users.
At the same time, it is also difficult for Apple to find that scammers release scam apps as beta apps, and all iOS users who have TestFlight installed can download their apps.
“Some of the victims reported that they were instructed to install an app that looked like BTCBOX, a Japanese cryptocurrency exchange,” said Sophos analyst Jagadeesh Chandraiah. “We also found a fake BitFury website, also through TestFlight. Distributing fake apps. We are continuing to look for other CryptoRom apps that use the same method.”
Reports also suggest that crooks are also trying to promote malicious web apps (that is, websites that can be added to the home screen of iOS devices to run as apps) to bypass the App Store’s censorship process.
Because modifying TestFlight logic can affect developers, Apple says users should avoid downloading and installing any software from unknown sources to avoid being scammed, even software distributed through TestFlight.