Malware sneaks into iOS through Apple's official distribution channels
Malware creators have discovered not one but two methods of getting inside the iOS ecosystem, Apple's fenced garden. They use "TestFlight" as well as "WebClips" to trick iPhone and iPad users into installing malicious apps with the ability to steal cryptocurrencies and passwords or perform other malicious activities without being detected. prevent.
Apple always warns about the dangers of sideloading and insists on its own testing process. It's been a long time since Apple required all apps to pass security assessments to be included in the App Store.
The testing process was mostly successful in preventing malicious apps from entering Apple devices. There are of course some exceptions.
But recently, a new report published by security firm Sophos says that some malicious apps have found a way to bypass Apple's app censorship system.
A new campaign called CryptoRom is actively spreading fake crypto apps to iOS and Android users. Since Android allows sideloading, users are at higher risk of voluntarily downloading and installing malware. But the other worry is that Apple's thorough security review process is also being bypassed.
The first method that the CryptoRom team used was to take advantage of TestFlight, a platform that allows iOS users to download and install uncensored apps. Users can download the TestFlight app on the App Store and then download uncensored apps through the app.
By taking advantage of TestFlight, cybercriminals can easily distribute applications filled with malicious code.
The second method is even simpler so it will be more intimidating. CryptoRom uses WebClips, a feature Apple provides to distribute malicious code. Basically WebClips adds website links directly to the iPhone home screen. It has an icon. As a result, cybercriminals can disguise malicious links as a normal app from a legitimate service or platform.
Currently, the guys behind CryptoRom are spreading their malicious apps on social networks, dating sites and dating apps. In other words, they are using social campaigns association to defraud users. Therefore, to be on the safe side, you should not download apps from a source other than the official App Store.
You should read it
- Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messenger
- Warning: New malicious code is infecting about 500,000 router devices
- 14 games on the App Store contain malicious code, iPhone users be careful
- After WannaCry, Petya's 'extortion' malicious code is raging, this is a remedy to prevent
- Reader code names famous games to infiltrate Microsoft Store
- Malicious code is growing up
- Discover a new kind of malicious code that can record the phone call to extort money
- Find bug in Emotet malware, prevent it from spreading for 6 months
- Threats and risks from malware on USB Flash
- 10 million Android devices are preinstalled with malicious code from the factory
- What malicious code is designed to spread through IoT devices?
- Detects malicious code showing porn ads in children's games on Google Play
Maybe you are interested
7 Ideal Alternatives to Default Mac Apps
8 Android Apps to Write Notes Directly on the Home Screen
10 indispensable apps for book lovers
Google announces list of best apps and games on Play Store in 2024
Apple announces list of best apps and games on App Store in 2024
How to Customize and Remove Apps from Android's Share Menu