Two Apple Features Used by Scammers To Bypass App Store—Installing iOS Malware

Two Apple features are now being used by scammers to bypass the official App Store's security functions (vetting requirements).

Apple iPhone
Apple CEO Steve Jobs watches a video of the new iPhone 3G as he delivers the keynote address at the Apple Worldwide Web Developers Conference June 9, 2008 in San Francisco, California. Jobs kicked off the 2008 WWDC conference with a keynote where he announced an upgraded version of the popular iPhone called the iPhone 3G. Justin Sullivan/Getty Images

Because of these, online attackers are able to exploit iOS malware, tricking people into downloading infected Apple applications.

For the past few years, the official Apple App Store required applications to pass a security review before they are published on the app platform.

The iPhone maker's app store has the so-called vetting system that prevents malicious apps from getting installed on iPhones and iPads.

Two Apple Features Used by Scammers on App Store

According to Ars Technica's latest report, the British security firm Sophos discovered that two features of Apple are now used by cybercriminals.

Two Apple Features Used by Scammers To Bypass App Store—Installing iOS Malware
The new iPhone 5S with fingerprint technology is displayed during an Apple product announcement at the Apple campus on September 10, 2013 in Cupertino, California. The company launched the new iPhone 5C model that will run iOS 7 is made from hard-coated polycarbonate and comes in various colors and the iPhone 5S that features fingerprint recognition security. Photo by Justin Sullivan/Getty Images

"Previously, we found CryptoRom's deceptive applications for iOS devices exploiting Apple's 'Super Signature' application distribution scheme and abuse of Apple's enterprise application deployment scheme," said the cybersecurity firm via its official blog post.

Now, Sophos claimed that CryptoRom is now using Apple's TestFlight feature as well. Aside from this iOS function, security experts also believe that the WebClips feature is also being used by the hacking group to bypass the vetting system of the official App Store.

What is TestFlight, WebClips Features?

TestFlight is a platform used by the iPhone maker to allow app developers to conduct beta tests for their new applications. All iOS users can use this online tool to install apps that have not yet passed Apple's vetting system.

Meanwhile, the WebClips feature can turn website links into an app icon. CryptoRom scammers rely on this feature since it allows them to add clout to malicious links, disguising them as legitimate applications.

If you want to see more details about these two Apple features, you can visit this link.

In other news, the U.S. government is now warning against PrintNightMare exploitation. Meanwhile, Germany suggests that companies must replace their Kaspersky antivirus tool with other non-Russian software models.

For more news updates about other security threats, always keep your tabs open here at TechTimes.

This article is owned by TechTimes

Written by: Griffin Davis

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics