Scammers use a legitimate Apple platform to infect iPhones
Scammers know that Apple's App Store has a lot of safety measures in place to protect its users from malicious apps. This is why they have adapted and begun using a new method to infect your iPhone with a harmful virus by utilizing a legitimate platform made by Apple.
As first reported by a security firm called Sophos, an organized crime campaign bearing the name CryptoRom has been using Apple's TestFlight platform to distribute fake cryptocurrency apps to iOS users (via 9to5Mac).
Apple's TestFlight platform is designed for app developers to send their apps to beta testers. TestFlight allows developers to invite up to 10,000 testers or use public direct download links for users to install their apps and participate in the beta testing program for those apps. Because these apps are in a pre-release testing stage, they don't go through the App Store's review process, and it's easier for scammers to distribute malicious software via fake apps.
Sophos's report also reveals that scammers also use malicious web apps, which are basically app versions of websites, to infect phones with malicious software. This is another tactic that scammers use to bypass Apple's App Store's safety measures.
Because of the danger that these fake apps created by scammers present, Apple advises that you never download and install software from unknown sources and that you do not tap on links or open or save files from suspicious emails. It should be noted that scammers like CryptoRom are trying to infect Android devices as much as iPhones, so Apple's advice applies to Android users as well.
As first reported by a security firm called Sophos, an organized crime campaign bearing the name CryptoRom has been using Apple's TestFlight platform to distribute fake cryptocurrency apps to iOS users (via 9to5Mac).
In other words, everyone who uses TestFlight could be tricked into downloading such a fake cryptocurrency app and getting their phone infected with a virus. The biggest problem is that Apple doesn't know which apps are infected and used by scammers to distribute viruses.
Sophos's report also reveals that scammers also use malicious web apps, which are basically app versions of websites, to infect phones with malicious software. This is another tactic that scammers use to bypass Apple's App Store's safety measures.
Things that are NOT allowed: