• Home
  • Politics
  • News
  • Business
  • Health
  • Entertainment
  • Sports
  • Lifestyle
  • Education
  • Opinion
Tuesday, 21 March, 2023
  • Login
topfmonline.com
 
  • Home
  • News
  • Politics
  • Business
  • Entertainment
  • Health
  • Lifestyle
  • Sports
  • Education
  • Technology
  • Foreign
No Result
View All Result
topfmonline.com
No Result
View All Result
Home Technology

Scammers are using Apple’s own tools to install malware on your iPhone

TOPFM NEWS by TOPFM NEWS
March 21, 2022
in Technology
A A
0
Scammers are using Apple’s own tools to install malware on your iPhone
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter

Malicious apps make their way on to the Google Play store way too often. We have covered these incidents repeatedly in recent years, and the scammers always appear to be one step ahead of Google. Though Apple is better at keeping malicious apps at bay, iPhone malware is still a real problem. In fact, according to a new report from security firm Sophos, hackers have found two sneaky new ways to get malware on to your iPhone.

New iPhone malware distribution schemes

Last year, Sophos started tracking an organized crime campaign which it named CryptoRom. The scam uses social engineering and fraudulent apps to steal money from its unsuspecting victims. According to Sophos, the CryptoRom campaign continues to spread. Scammers are even starting to find ways to use Apple’s own tools against it.

Previously, Sophos explained that scammers were exploiting Apple’s “super signature” app distribution method to spread malicious apps on iOS devices. The team has now discovered that CryptoRom authors are also abusing Apple’s TestFlight service.

Developers usually use TestFlight to disseminate early build of their new apps that still need testing before they launch on the App Store. TestFlight supports small, internal tests of up to 100 users and public beta tests of up to 10,000 users. As Sophos notes, developers distribute apps by email for smaller tests, which don’t require App Store security reviews.

As Jagadeesh Chandraiah, a senior threat researcher at Sophos, explains:

[TestFlight] is cheaper to use than other schemes because all you need is an IPA file with a compiled app. The distribution is handled by someone else, and when (or if) the malware gets noticed and flagged, the malware developer can just move on to the next service and start again. [TestFlight] is preferred by malicious app developers in some instances over Super Signature or Enterprise Signature as it is bit cheaper and looks more legitimate when distributed with the [TestFlight app].

CryptoRom apps for iOS and Android were distributed through a fraudulent site. All of the iOS versions of the apps used TestFlight to install on victims’ devices.

Scammers are abusing Web Clips as well

Unfortunately, the scams don’t end there. Threat actors are also trying to lure victims in with Web Clips. As Apple explains on its site, “Web Clips provide fast access to favorite webpages or links.” Here’s a sample of a malicious Web Clip from Sophos:

RobinHand Web Clip scam on iOS.
RobinHand Web Clip scam on iOS.

“In addition to App store pages, all these fake pages also had linked websites with similar templates to convince users—different brands and icons, but similar web content and structure,” Chandraiah writes. “This is probably done to move on from one brand to another when they get blocked or found out. This shows how cheap and easy it is to mimic popular brands while siphoning thousands of dollars from victims.”

This is yet more proof that those ridiculous ads you see all over the internet are more than just an eyesore. As always, be extremely careful when downloading an app from any source other than the App Store. Scammers are always finding new ways to trick us.

Related Posts

TikTok launches an elections hub in Kenya ahead of General Elections

TikTok launches an elections hub in Kenya ahead of General Elections

July 15, 2022
10
Facebook to allow up to five profiles tied to one account

Facebook to allow up to five profiles tied to one account

July 15, 2022
4
Source: Jacob Siegal
Via: BGR
Tags: Apple's own tools to install malware on your iPhone
Previous Post

Germany seals gas deal with Qatar to reduce dependence on Russia

Next Post

MacBook Pro owners warn macOS 12.3 is bricking some computers

Related Posts

TikTok launches an elections hub in Kenya ahead of General Elections
Technology

TikTok launches an elections hub in Kenya ahead of General Elections

July 15, 2022
10
Facebook to allow up to five profiles tied to one account
Technology

Facebook to allow up to five profiles tied to one account

July 15, 2022
4
Microsoft releases tweet-size exploit for macOS sandbox escape bug
Technology

Microsoft releases tweet-size exploit for macOS sandbox escape bug

July 14, 2022
9
Final Android 13 beta arrives ahead of its official launch ‘in the weeks ahead’
Technology

Final Android 13 beta arrives ahead of its official launch ‘in the weeks ahead’

July 14, 2022
2
Ex-CIA engineer Joshua Schulte convicted over massive data leak
Technology

Ex-CIA engineer Joshua Schulte convicted over massive data leak

July 14, 2022
2
Samsung Galaxy Z Fold 4 with model name SM-F936U certified by FCC
Technology

Samsung Galaxy Z Fold 4 with model name SM-F936U certified by FCC

July 13, 2022
2
Next Post
MacBook Pro owners warn macOS 12.3 is bricking some computers

MacBook Pro owners warn macOS 12.3 is bricking some computers

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

BROWSE BY CATEGORIES

  • Business
  • Education
  • Entertainment
  • Foreign
  • Health
  • Lifestyle
  • News
  • Opinion
  • Politics
  • Sports
  • Technology
  • Uncategorized

BROWSE BY TOPICS

2022 Budget Afghanistan akufo addo Amazon Apiate explosion Appiate apple AT&T Bawku Black Stars covid COVID-19 COVID 19 E-Levy election facebook Ghana Police Service Google Government health Intel iphone Mahama Microsoft Minority momo NDC news NPP Nvidia OMICRON Parliament police Russia security South Africa Taliban tech Tesla US UTAG vaccine vaccines Verizon Xinjiang

Recent Posts

  • Black Stars arrive in Kumasi for Angola clash
  • Western Togoland case: 5 secessionists sentenced to 5 years in prison each
  • Debt recovery: Digitalized system helps in tracking recouped cash – ECG
  • TOR pays GH¢5m out of GH¢32m debt it owed ECG
  • No headmaster can deny your child education over prospectus – Adutwum

Recent Comments

No comments to show.

RECENT NEWS

  • Black Stars arrive in Kumasi for Angola clash March 21, 2023
  • Western Togoland case: 5 secessionists sentenced to 5 years in prison each March 21, 2023
  • Debt recovery: Digitalized system helps in tracking recouped cash – ECG March 21, 2023
  • TOR pays GH¢5m out of GH¢32m debt it owed ECG March 21, 2023

MAIN CATEGORIES

  • Business
  • Education
  • Entertainment
  • Foreign
  • Health
  • Lifestyle
  • News
  • Opinion
  • Politics
  • Sports
  • Technology
  • Uncategorized

Entertainment

Zipline unveils new autonomous system capable of quiet, fast and precise home delivery
Health

Zipline unveils new autonomous system capable of quiet, fast and precise home delivery

5 days ago
0
  • ABOUT US
  • CONTACT
  • ADVERTISE

© 2023 Top Media Group - Powered by BackUp Data Systems

No Result
View All Result
  • Home
  • Politics
  • News
  • Business
  • Health
  • Entertainment
  • Sports
  • Lifestyle
  • Education
  • Opinion

© 2023 Top Media Group - Powered by BackUp Data Systems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In