Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications
New York – Rashad Alkhader – – Free Yemen Eye – From -News FBI
The #FBI is warning the public that #cybercriminals are embedding malicious code in mobile beta-testing applications to defraud potential victims. Beta-testing apps are online services for testing mobile apps before their official release, typically not subject to mobile operating systems’ review processes.
These malicious apps enable theft of personally identifiable information (PII), financial account access, or device takeover. Read this #PSA to learn how to protect yourself and your organization, and file a report to IC3.gov if you fall victim: https://www.ic3.gov/Media/Y2023/PSA230814
Cyber Criminals Targeting Victim through Mobile Beta-Testing Applications
The FBI is warning the public that cyber criminals are embedding malicious code in mobile beta-testing applications (apps) to defraud potential victims. Beta-testing apps are online services for testing of mobile apps prior to official release. The beta apps typically are not subject to mobile operating systems’ review processes.
The malicious apps enable theft of personally identifiable information (PII), financial account access, or device takeover. The apps may appear legitimate by using names, images, or descriptions similar to popular apps. Cyber criminals often use phishing or romance scams to establish communications with the victim, then direct the victim to download a mobile beta-testing app housed within a mobile beta-testing app environment, promising incentives such as large financial payouts.
The FBI is aware of fraud schemes wherein unidentified cyber criminals contact victims on dating and networking apps and direct them to download mobile beta-testing apps, such as cryptocurrency exchanges, that enable theft. The victims enter legitimate account details into the app, sending money they believe will be invested in cryptocurrency, but instead the victim funds are sent to the cyber criminals.
If a victim downloads one of these fraudulent beta-testing apps masquerading as a legitimate cryptocurrency investment app, the app can extract money from the victim through fake investments.
INDICATORS
Red flags of a malicious app include:
Mobile battery draining faster than usual
Mobile device slowing down while processing a request
Unauthorized apps installed without the user’s knowledge
Persistent pop-up ads
A high number of downloads with few or no reviews
Apps that request access to permissions that have nothing to do with the advertised functionality
Spelling or grammatical errors, vague or generic information, of a lack of details about the app’s functionality within the app description
Pop-ups that looks like ads, system warnings, or reminders
RECOMMENDATIONS
Check app developers and customer reviews before downloading.
Do not send payment to someone you have only spoken to online, even if you believe you have established a relationship with the individual.
Do not provide personal or financial information in email or message and do not respond to email or message solicitations, including links.
Do not download or use suspicious looking apps as a tool for investing unless you can verify the legitimacy of the app.
Be aware of a sense of urgency or threats, such as ‘your account will be closed’ or ‘act now’
Be wary of unsolicited attachments, even from people you know. Cyber criminals can “spoof” the return address, making it look like the message came from a trusted associate. Do not respond.
If an email, email attachment, or message seems suspicious, do not open it, even if your antivirus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the antivirus software might not have the signature.
Don’t click links in emails or text messages. Many cyber criminals use legitimate-looking messages to trick users into providing login details. Check the URL by hovering over the link and check for inconsistencies.
Scrutinize attachments and website hyperlinks contained in emails, even from people you think you know and save and scan any attachments before opening them.
Keep software up to date.
Restrict app permissions and uninstall apps you do not use.
The FBI requests victims report fraudulent, suspicious or criminal activity to the FBI Internet Crime Complaint Center at www.ic3.gov.
