Scammers are using Apple’s own tools to install malware on your iPhone

Jacob Siegal

March 18, 2022 at 5:49 PM·3 min read

If you purchase an independently reviewed product or service through a link on our website, BGR may receive an affiliate commission.

Malicious apps make their way on to the Google Play store way too often. We have covered these incidents repeatedly in recent years, and the scammers always appear to be one step ahead of Google. Though Apple is better at keeping malicious apps at bay, iPhone malware is still a real problem. In fact, according to a new report from security firm Sophos, hackers have found two sneaky new ways to get malware on to your iPhone.

Don't Miss: Friday’s deals: Ninja air fryer, Beats headphones, Arlo camera sale, $20 Fire Stick, more

Today's Top Deals

New iPhone malware distribution schemes

Last year, Sophos started tracking an organized crime campaign which it named CryptoRom. The scam uses social engineering and fraudulent apps to steal money from its unsuspecting victims. According to Sophos, the CryptoRom campaign continues to spread. Scammers are even starting to find ways to use Apple’s own tools against it.

Previously, Sophos explained that scammers were exploiting Apple’s “super signature” app distribution method to spread malicious apps on iOS devices. The team has now discovered that CryptoRom authors are also abusing Apple’s TestFlight service.

Developers usually use TestFlight to disseminate early build of their new apps that still need testing before they launch on the App Store. TestFlight supports small, internal tests of up to 100 users and public beta tests of up to 10,000 users. As Sophos notes, developers distribute apps by email for smaller tests, which don’t require App Store security reviews.

As Jagadeesh Chandraiah, a senior threat researcher at Sophos, explains:

[TestFlight] is cheaper to use than other schemes because all you need is an IPA file with a compiled app. The distribution is handled by someone else, and when (or if) the malware gets noticed and flagged, the malware developer can just move on to the next service and start again. [TestFlight] is preferred by malicious app developers in some instances over Super Signature or Enterprise Signature as it is bit cheaper and looks more legitimate when distributed with the [TestFlight app].

CryptoRom apps for iOS and Android were distributed through a fraudulent site. All of the iOS versions of the apps used TestFlight to install on victims’ devices.

Scammers are abusing Web Clips as well

Unfortunately, the scams don’t end there. Threat actors are also trying to lure victims in with Web Clips. As Apple explains on its site, “Web Clips provide fast access to favorite webpages or links.” Here’s a sample of a malicious Web Clip from Sophos:

“In addition to App store pages, all these fake pages also had linked websites with similar templates to convince users—different brands and icons, but similar web content and structure,” Chandraiah writes. “This is probably done to move on from one brand to another when they get blocked or found out. This shows how cheap and easy it is to mimic popular brands while siphoning thousands of dollars from victims.”

This is yet more proof that those ridiculous ads you see all over the internet are more than just an eyesore. As always, be extremely careful when downloading an app from any source other than the App Store. Scammers are always finding new ways to trick us.

More iPhone coverage: For more iPhone news, visit our iPhone 13 guide.

Click here to read the full article.

See the original version of this article on BGR.com

Yahoo Sports
Based on the odds, here's what the top 10 picks of the NFL Draft will be
What would a mock draft look like using just betting odds?
3d ago
Yahoo Sports
Broncos, Jets, Lions and Texans have new uniforms. Let's rank them
Which new uniforms are winners this season?
23h ago
Yahoo Finance
Jamie Dimon is worried the US economy is headed back to the 1970s
JPMorgan's CEO is concerned the US economy could be in for a repeat of the stagflation that hampered the country during the 1970s.
2d ago
Yahoo Sports
Luka makes Clippers look old, Suns are in big trouble & a funeral for Lakers | Good Word with Goodwill
Vincent Goodwill and Tom Haberstroh break down last night’s NBA Playoffs action and preview several games for tonight and tomorrow.
18h ago
Autoblog
These are the cars being discontinued for 2024 and beyond
As automakers shift to EVs, trim the fat on their lineups and cull slow-selling models, these are the vehicles we expect to die off soon.
2d ago
Yahoo TV
Everyone's still talking about the 'SNL' Beavis and Butt-Head sketch. Cast members and experts explain why it's an instant classic.
Ryan Gosling, who starred in the skit, couldn't keep a straight face — and neither could some of the "Saturday Night Live" cast.
2d ago
Yahoo Sports
Dave McCarty, player on 2004 Red Sox championship team, dies 1 week after team's reunion
The Red Sox were already mourning the loss of Tim Wakefield from that 2004 team.
5d ago
Yahoo Sports
Ryan Garcia drops Devin Haney 3 times en route to stunning upset
The 25-year-old labeled "mentally fragile" by many delivered the upset for the ages.
4d ago
Yahoo Sports
WNBA Draft winners and losers: As you may have guessed, the Fever did pretty well. The Liberty? Perhaps not
Here are five franchises who stood out, for better or for worse.
9d ago
Yahoo Sports
Arch Manning dominates in the Texas spring game, and Jaden Rashada enters the transfer portal
Dan Wetzel, Ross Dellenger & SI’s Pat Forde react to the huge performance this weekend by Texas QB Arch Manning, Michigan and Notre Dame's spring games, Jaden Rashada entering the transfer portal, and more
3d ago
Yahoo Sports
Chiefs make Andy Reid NFL's highest-paid coach, sign president Mark Donovan, GM Brett Veach to extensions
Reid's deal reportedly runs through 2029 and makes him the highest-paid coach in the NFL.
3d ago
Yahoo Sports
Yankees' Nestor Cortés told by MLB his pump-fake pitch is illegal
Cortés' attempt didn't fool Andrés Giménez, who fouled off the pitch.
5d ago
Yahoo Life
Here’s when people think old age begins — and why experts think it’s starting later
People's definition of "old age" is older than it used to be, new research suggests.
3d ago
Yahoo Finance
Donald Trump nabs additional $1.2 billion 'earnout' bonus from DJT stock
Trump is entitled to an additional 36 million shares if the company's share price trades above $17.50 "for twenty out of any thirty trading days" over the next three years.
2d ago
Yahoo Sports
2024 NFL mock draft: With one major trade-up, it's a QB party in the top 5
Our final 2024 mock draft projects four quarterbacks in the first five picks, but the Cardinals at No. 4 might represent the key pivot point of the entire board.
3d ago
Yahoo Finance
Retirement confidence in the US ticks up; new rule for financial advisors is set to start
Two-thirds of Americans reported that they feel confident they have enough money for a comfortable retirement, up a notch from last year.
3h ago
Yahoo Finance
What US taxpayers will get for another $61 billion to Ukraine
Congress is finally providing more of the aid Ukraine needs to survive. Here's why this is money well spent.
2d ago
Yahoo Sports
Dylan Edwards set to be latest Colorado running back to enter transfer portal
All four rushers who had more than 10 carries in 2023 for the Buffaloes are transferring.
2d ago
Yahoo Sports
Arch Manning puts on a show in Texas' spring game, throwing for 3 touchdowns
Arch Manning gave Texas football fans an enticing look at the future, throwing for 355 yards and three touchdowns in the Longhorns' Orange-White spring game.
5d ago
Yahoo Sports
NBA Playoffs: Lillard sinks the Pacers, Celtics-Heat controversy, plus injury concerns for Kawhi & Embiid
Vincent Goodwill and Amin Elhassan react to (just about) every Round 1 game of the NBA Playoffs after the first games have been played over the weekend.
3d ago

News

Life

Entertainment

Finance

Sports

New on Yahoo

Scammers are using Apple’s own tools to install malware on your iPhone

New iPhone malware distribution schemes

Scammers are abusing Web Clips as well

Recommended Stories

Based on the odds, here's what the top 10 picks of the NFL Draft will be

Broncos, Jets, Lions and Texans have new uniforms. Let's rank them

Jamie Dimon is worried the US economy is headed back to the 1970s

Luka makes Clippers look old, Suns are in big trouble & a funeral for Lakers | Good Word with Goodwill

These are the cars being discontinued for 2024 and beyond

Everyone's still talking about the 'SNL' Beavis and Butt-Head sketch. Cast members and experts explain why it's an instant classic.

Dave McCarty, player on 2004 Red Sox championship team, dies 1 week after team's reunion

Ryan Garcia drops Devin Haney 3 times en route to stunning upset

WNBA Draft winners and losers: As you may have guessed, the Fever did pretty well. The Liberty? Perhaps not

Arch Manning dominates in the Texas spring game, and Jaden Rashada enters the transfer portal

Chiefs make Andy Reid NFL's highest-paid coach, sign president Mark Donovan, GM Brett Veach to extensions

Yankees' Nestor Cortés told by MLB his pump-fake pitch is illegal

Here’s when people think old age begins — and why experts think it’s starting later

Donald Trump nabs additional $1.2 billion 'earnout' bonus from DJT stock

2024 NFL mock draft: With one major trade-up, it's a QB party in the top 5

Retirement confidence in the US ticks up; new rule for financial advisors is set to start

What US taxpayers will get for another $61 billion to Ukraine

Dylan Edwards set to be latest Colorado running back to enter transfer portal

Arch Manning puts on a show in Texas' spring game, throwing for 3 touchdowns

NBA Playoffs: Lillard sinks the Pacers, Celtics-Heat controversy, plus injury concerns for Kawhi & Embiid