FBI warns smartphone users about scheme that can drain their bank accounts
The FBI is warning mobile device users of a new technique used by cybercriminals to promote malicious beta versions of apps on popular app storefronts. When these apps are installed on mobile devices they are then used to steal personal information and more. The bad guys submit the apps to app stores as beta apps. In case you're not familiar with the term, a beta app is one that is being tested by users who submit feedback about the app to its developers before the app is officially released.
The FBI says Beta apps are not subject to the rigorous testing that stable versions of an app must face
The report says that beta apps do not go through the same rigorous code review and instead, they are "superficially scrutinized" to make sure that they are not compromised. This allows the malicious code to remain hidden that is activated after the app is installed on a phone. This code performs hostile activity such as gaining access to financial accounts, stealing personal data, and completely taking over control of your phone.
The FBI warns mobile device owners about installing fake beta apps
The FBI says that these apps might appear legitimate and could have names and use images that are similar to popular apps. Cybercriminals might use phishing schemes (which are fake emails that look legitimate) or romance schemes to get in touch with the victim. The victim is then led by the criminals to install a fraudulent beta app on their phone by promising the victim a big financial reward.
Getting the victim to install the fake beta app is key to this scam. The FBI says it "is aware of fraud schemes wherein unidentified cyber criminals contact victims on dating and networking apps and direct them to download a fraudulent beta version of a mobile app, such as cryptocurrency exchanges, that enable theft. The victims enter legitimate account details into the app, sending money they believe will be invested in cryptocurrency, but instead, the victim funds are sent to the cybercriminals."
The FBI says to watch out for these signs that you might have installed an app with malware
The FBI notice includes a list of red flags that can warn you that a malware-laden app is installed on your device. These red flags, some of which we've discussed in the past, include:
- Mobile battery draining faster than usual.
- Mobile device slowing down while processing a request.
- Unauthorized apps installed without the user's knowledge.
- Persistent pop-up ads.
- A high number of downloads with few or no reviews.
- Apps that request access to permissions that have nothing to do with the advertised functionality.
- Spelling or grammatical errors, vague or generic information, of a lack of details about the app's functionality within the app description.
- Pop-ups that looks like ads, system warnings, or reminders.
The FBI has some recommendations including one that we remind you of often. Before installing an app from a developer you don't know, read the customer comments and look for complaints about rapid battery draining, or complaints about the phone getting too hot to the touch. Stay away from such apps. Do not reply to emails by sending personal financial information, and do not tap on any links sent to you via email.
Be aware of messages that are making you respond quickly by giving you a sense of urgency. These emails might threaten to turn off your wireless service or shut down your electric account if you don't make a payment or respond right now. Check over website URLs for something that might not "smell right." And make sure that your software is kept up-to-date, especially security updates. Restrict app permissions and uninstall apps you don't use.
If you've been a victim of a malware-laden app, you can report the incident to the FBI by clicking this link and filling out the appropriate form.
Things that are NOT allowed: