Scammers have 2 clever new ways to install malicious apps on iOS devices

by
Dan Goodin
from Ars Technica - All content on (#5X6F8)
smartphone-thing-800x534.jpeg

Enlarge (credit: Getty Images)

Scammers pushing iOS malware are stepping up their game by abusing two legitimate Apple features to bypass App Store vetting requirements and trick people into installing malicious apps.

Apple has long required that apps pass a security review and be admitted to the App Store before they can be installed on iPhones and iPads. The vetting prevents malicious apps from making their way onto the devices, where they can then steal cryptocurrency and passwords or carry out other nefarious activities.

A post published Wednesday by security firm Sophos sheds light on two newer methods being used in an organized crime campaign dubbed CryptoRom, which pushes fake cryptocurrency apps to unsuspecting iOS and Android users. While Android permits sideloading" apps from third-party markets, Apple requires iOS apps to come from the App Store, after they've undergone a thorough security review.

Read 9 remaining paragraphs | Comments

index?i=6_hQEYU97HI:lV79wm5OCqE:V_sGLiPB index?i=6_hQEYU97HI:lV79wm5OCqE:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments