CryptoRom criminals are now distributing malicious programmes to susceptible iPhone users via TestFlight, Apple's infrastructure for pre-release software testing.
"CryptoRom" attacks, first found in 2021, used a mix of social media, dating apps, cryptocurrency, and misuse of Apple's Enterprise Developer programme to steal $1.4 million from victims. The fraud has now evolved to make use of Apple's TestFlight platform.
TestFlight is a platform that allows app developers to distribute beta versions of their applications to customers. This allows customers to test a programme before it is published to the App Store. The service is useful to developers since it allows them to receive feedback and problem reports from folks who want a first look at a new programme.
Unfortunately, TestFlight campaigns do not receive the same level of scrutiny as apps placed on Apple's App Store. Scammers can urge a victim to install TestFlight and then click on a simple link to install malicious software on their smartphone.
TestFlight is relatively simple to use, which makes it easier for CryptoRom fraudsters to succeed.
Sophos spoke with victims of the fraud, who said they were routed to phoney versions of BTCBOX, a Japanese bitcoin exchange. Sophos also discovered sites posing as bitcoin mining outfit BitFury, hawking bogus software via TestFlight.