Scammers are using Apple’s own tools to install malware on your iPhone


If you purchase an independently reviewed product or service through a link on our website, BGR may receive an affiliate commission.

Malicious apps make their way on to the Google Play store way too often. We have covered these incidents repeatedly in recent years, and the scammers always appear to be one step ahead of Google. Though Apple is better at keeping malicious apps at bay, iPhone malware is still a real problem. In fact, according to a new report from security firm Sophos, hackers have found two sneaky new ways to get malware on to your iPhone.

Don’t Miss: Friday’s deals: Ninja air fryer, Beats headphones, Arlo camera sale, $20 Fire Stick, more

Today’s Top Deals

New iPhone malware distribution schemes

Last year, Sophos started tracking an organized crime campaign which it named CryptoRom. The scam uses social engineering and fraudulent apps to steal money from its unsuspecting victims. According to Sophos, the CryptoRom campaign continues to spread. Scammers are even starting to find ways to use Apple’s own tools against it.

Previously, Sophos explained that scammers were exploiting Apple’s “super signature” app distribution method to spread malicious apps on iOS devices. The team has now discovered that CryptoRom authors are also abusing Apple’s TestFlight service.

Developers usually use TestFlight to disseminate early build of their new apps that still need testing before they launch on the App Store. TestFlight supports small, internal tests of up to 100 users and public beta tests of up to 10,000 users. As Sophos notes, developers distribute apps by email for smaller tests, which don’t require App Store security reviews.

As Jagadeesh Chandraiah, a senior threat researcher at Sophos, explains:

[TestFlight] is cheaper to use than other schemes because all you need is an IPA file with a compiled app. The distribution is handled by someone else, and when (or if) the malware gets noticed and flagged, the malware developer can just move on to the next service and start again. [TestFlight] is preferred by malicious app developers in some instances over Super Signature or Enterprise Signature as it is bit cheaper and looks more legitimate when…

Source…