Discover an iPhone trick that may cause your money to be stolen

Scammers have discovered a smart way to install malicious apps on iPhones that enables them to steal victims' money, according to a report from cybersecurity experts published by the British newspaper, The Sun.

Experts have found that the attackers managed to get around Apple's security software used in iOS through a fake cryptocurrency app distribution program.

Once the software is installed on the device, the malware steals people's cryptocurrency wallets without their knowledge.

Researchers at the British company Sophos reported that this operation is part of a campaign by the organized crime group known as "Cryptorum".

"This pattern of electronic fraud is a well-organized mass fraud," the team wrote in a blog post.

"It uses a mixture of often psychologically focused social engineering, fraudulent financial apps and websites to trick victims and steal their savings after gaining their trust," they added.

According to Sophos, the hoax takes advantage of a flaw in Apple's Test Flight, a tool created to help developers distribute their test apps to users before they're released to everyone in the App Store.

By installing the Test Flight iOS app, iPhone and iPad owners can try out older versions of the apps before anyone else.

Because the official Apple App Store is protected by all sorts of protections that prevent scammers from listing their malicious apps there, they resort to Test Flight, which doesn't have the same safeguards applied, exposing beta testers to fraud.

According to Sophos, cybercriminals are now taking advantage of this security oversight by creating malicious and fake cryptocurrency applications and distributing them via TestFlight.

Developers can invite up to 10,000 testers to install dodgy apps and any iOS user with TestFlight can download them.

The trick is that these scammers invite people with cryptocurrency wallets to test apps that appear to be legitimate cryptocurrency wallets or exchanges, but as soon as the app is downloaded, the malware steals users' wallets.

“Some of the victims who contacted us have reported being instructed to install what appears to be BTCbox, a Japanese cryptocurrency exchange app,” Sophos experts wrote.

They added, "We also found fake sites impersonating crypto-mining company Bit Fury to promote fake apps through TestFlight. This threat remains very active, and continues to affect victims worldwide, in some cases costing them." their life savings.

The researchers added that Android users are also targeted by malware.

Apple has previously urged TestFlight users not to download and install software from unknown sources.