An app used by scammers to install malware, notably because it’s Apple!

TestFlight is an Apple app created to help developers test Beta versions to users before they are publicly released on the App Store. However, scammers have used the platform to launch malicious apps without Apple’s knowledge.

As reported by security firm Sophos, an organized crime campaign known as “CryptoRom” has been distributing fake cryptocurrency apps to iOS and Android users. They took advantage of TestFlight to “bypass” the App Store’s testing process because the platform is intended to test software before it’s released.

As a result, Apple is unaware that scammers are distributing a malicious app as a Beta app, and any iOS user who has TestFlight installed can download the app. Installing apps through TestFlight is pretty easy, as developers can even create public download links for up to 10,000 people instead of inviting each user with their email.

Jagadeesh Chandraiah, a malware analyst at security firm Sophos wrote: “Some victims who contacted us reported that they were instructed to install BTCBOX – an application for exchanges “We also found fake websites for crypto mining company BitFury selling fake apps through TestFlight.”

The report also reveals that scammers also advertise malicious web apps (which are web pages that can be added to the home screen of an iOS device to run as apps) to get through the review process. of the App Store.

Because changing the way TestFlight works will affect developers, Apple has warned that users can avoid being scammed by not downloading and installing any software from unknown sources. specified, even if it is distributed through TestFlight.