People looking for romance who tried to get into cryptocurrency were the ones who suffered.
Although experts regularly report malware found on Google Play disguised as ordinary applications, the App Store is generally believed to be free of this problem. However, attackers have found a way to use an official Apple program against its users. This was reported by Sophos, a research company.
The official TestFlight program is for developers who want to test early builds of their applications and get user feedback. Such applications do not go through the standard App Store security checks, which is ideal for scammers, who only need to prepare an IPA file and distribute it.
This ploy is used as part of CryptoRom, a growing criminal scheme that combines online dating and cryptocurrency. In essence, the attacker establishes a virtual relationship with the victim (usually using the profile of an attractive girl) and convinces them to invest in cryptocurrency, but gives a link to a fake wallet, which the victim is asked to install through TestFlight or another platform.
When a user tops up such a wallet, they see that the balance really does increase, but problems begin when they try to withdraw the accumulated amount. A notification appears saying that 20% of the amount must be paid as tax. If the user refuses, a further notification appears, stating that tax evasion is a crime and that this will be reported to the relevant authorities.
Next, the attacker apologizes and offers to help pay part of the tax, but, of course, the victim will never see their money or the part of the “tax” they paid. The scheme originated in Asia and then spread to the USA and Europe.
TestFlight is popular with scammers because it makes distributing malware cheaper while still making apps look convincing to the user. When a malicious app is discovered, the developers can simply start over with a different application.
In addition, scammers use Web Slices (Web Clips) to advertise fake crypto wallets that copy the design of real applications. The links lead not to the App Store but to TestFlight, which looks no less convincing to many users.
Experts recommend being careful and not taking part in beta testing of unknown projects, especially if you received the link from someone you don't know personally.