Threat Actors Use Beta Apps to Bypass Mobile App Store Security

Cyber Security Threat Summary:
The FBI has raised an alert about a new strategy employed by cybercriminals. They are now pushing harmful “beta” editions of cryptocurrency investment applications on widely used mobile app stores. These apps are subsequently exploited to pilfer cryptocurrency. The perpetrators introduce these harmful apps to the mobile app stores under the guise of “beta” versions. This indicates they are in initial stages of development, intended for use by tech enthusiasts or supporters to trial and offer input to developers prior to the official release of the software. The FBI stated that these harmful applications facilitate the pilfering of PII, unauthorized access to financial accounts, or seizing control of devices. The application may present themselves as authentic by adopting names, visuals, or explanations reminiscent of well-known apps.

Typically, these applications imitate tools for cryptocurrency investment and digital asset management. They prompt users to input their genuine account credentials, deposit funds for investment, and more. “Sophos first documented this problem in March 2022 in a report that warned about scammers abusing Apple's TestFlight system, a platform created to help developers distribute beta apps for testing in iOS. A more recent Sophos report explores a malicious app campaign called 'CryptoRom', which masquerades as cryptocurrency investment scam apps. These apps are promoted through the Apple TestFlight system, which the threat actors continue to abuse for malware distribution. The threat actors initially upload what appears to be a legitimate app to the iOS app store for use on Test Flight. However, after the app is approved, the threat actors change the URL used by the app to point to a malicious server, introducing the malicious behavior into the app” (BleepingComputer, 2023).

Security Officer Comments:
The FBI suggests verifying the credibility of an app’s developer by checking user feedback on the app store. It’s wise to steer clear of apps with low download counts or too few reviews. When installing an app, users should carefully review requested permissions to ensure they align with the app’s purpose. Signs of malware include abnormal battery drain, high data usage, unexpected pop-up ads, performance issues, and device overheating.

Suggested Correction(s):
Keep your software updated. Only 20 percent of Android devices are running the newest version and only 2.3 percent are on the latest release. Everything from your operating system to your social network apps are potential gateways for hackers to compromise your mobile device. Keeping software up to date ensures the best protection against most mobile security threats.

Choose mobile security. Just like computers, your mobile devices also need internet security. Make sure to select mobile security software from a trusted provider and keep it up to date.

Install a firewall. Most mobile phones do not come with any kind of firewall protection. Installing a firewall provides you with much stronger protection against digital threats and allows you to safeguard your online privacy.

Always use a passcode on your phone. Remember that loss or physical theft of your mobile device can also compromise your information. Download apps from official app stores.

Both the Google Play and Apple App stores vet the apps they sell; third-party app stores don’t always. Buying from well-known app stores may not ensure you never get a bad app, but it can help reduce your risk.

Always read the end-user agreement. Before installing an app, read the fine print. Grayware purveyors rely on your not reading their terms of service and allowing their malicious software onto your device.