As technology advances, hackers’ attacks are becoming more sophisticated. By using many new methods and tricks, more and more people around the world become victims of hackers.
Recently, security company Sophos detected an organized crime campaign targeting users smartphone Android and iOS through the distribution of malicious applications.
As we all know, with the Android platform, it is quite easy to install apps from outside the Play Store, so users are at higher risk of voluntarily downloading and installing malware.
Meanwhile, iOS users can only download the app from the App Store. Apps must pass Apple’s rigorous security review before appearing on the Apple Store. This check will prevent malicious apps from entering the device.
However, recent findings show that by taking advantage of two legitimate Apple features, hackers were able to bypass the App Store’s testing requirements and trick victims into installing malicious software.
Fake BTCBOX Cryptocurrency Stealing App Distributed to iOS Users via TestFlight
Sophos In this campaign called CryptoRom, hackers used the “TestFlight” and “WebClips” features to trick iPhone and iPad users into installing malicious apps, in order to steal cryptocurrency and passwords or perform other malicious activities without being prevented.
TestFlight is a platform that allows iOS users to download and install uncensored apps. Users can download the TestFlight app on the App Store and then download uncensored apps through the app. By taking advantage of TestFlight, cybercriminals can easily distribute applications filled with malicious code.
“Several victims contacted Sophos and reported that they had been instructed to install fake BTCBOX, the application for Japanese cryptocurrency exchanges. We have found many other fake apps through TestFlight, the CryptoRom campaign is also done with the same form.“, Jagadeesh Chandraiah, malware analyst at Sophos To share.
Apple warns users not to download and install any apps from unknown sources
Because changing the way TestFlight works will affect developers, so Apple warns users to avoid being scammed by not downloading and installing any apps from unknown sources, right away. even if it is distributed through TestFlight.
The second method is even simpler. Hackers will put the malicious website link directly on the iPhone screen in the form of an icon, easy to confuse with an official application.
Currently, the people behind the CryptoRom war are spreading their malicious applications on social networks, dating sites and dating apps… Therefore, experts advise users not to Apps should be downloaded from unofficial sources.
at Blogtuan.info – Source: Soha.vn – Read the original article here