Apple has touted that iOS and iPadOS are more secure platforms than Android several times in the past. It is primarily due to the fact the Cupertino giant has always discouraged sideloading of apps (though it can be easily done) to prevent users from downloading malicious apps on their devices. However, scammers have now found a way to spread malicious apps to iOS users that can put their privacy at risk. Let’s take a look at the details below.
Apple, as you might know, distributes pre-production apps and games for beta testing by directly inviting users via links for people to test via the TestFlight app. TestFlight can be used by developers to invite up to 10,000 users to beta test an app or a game. Now, a recent report from security firm Sophos suggests scammers are using the same app to distribute their malicious apps to iPhone and iPad users, and it is through Apple’s beta testing platform TestFlight.
Furthermore, the CryptoRom scammers are also distributing malicious applications disguised as legit web apps or WebClips that users can pin to their home screens on their iPhones and iPads. And as these are not being distributed through Apple’s trusted App Store, they bypass the App Store review process, much like the TestFlight apps and games. CryptoRom also affects Android users.
