Cybercriminals are increasingly trying to trick victims into installing malicious apps that are supposedly in a beta phase. These are mainly fake cryptocurrency apps, the FBI warns.
According to the U.S. investigative agency, cybercriminals are increasingly trying to trick victims into installing “beta versions” of cryptocurrency apps. These apps are then used to extort money from them.
Beta versions of apps are often designed to allow users to provide feedback to developers before the app is officially released. By using these beta versions, cybercriminals try to evade the thorough screening that app stores conduct to test new apps for legitimacy. In all app stores, these apps do not go through the rigorous screening process and are only screened superficially.
The rogue beta apps have already been found in Apple TestFlight. According to Google, beta apps undergo the same thorough screening as normal apps in its Google Play Store.
Temptation via phishing or dating sites
According to the FBI, victims are enticed to install these apps through phishing or “romance scams” on dating sites. The rogue apps look legitimate and are hosted in trusted app stores.
Victims must sign in to the apps, entering their legitimate account information and/or making an upfront payment. Instead of reaching their (crypto) account, this money is immediately funneled to the cybercriminals.
Tips for protection
To prevent these types of attacks, the FBI advises users to always check developers and reviews before downloading. High download numbers and few reviews should be a warning sign that the app may be rogue.
They should also be alert to apps that were installed unsolicited, apps asking for more permissions than strictly necessary, increased battery usage and slower-than-normal mobile device operation.