Enlarge (credit: Getty Images)
Scammers pushing iOS malware are stepping up their game by abusing two legitimate Apple features to bypass App Store vetting requirements and trick people into installing malicious apps.
Apple has long required that apps pass a security review and be admitted to the App Store before they can be installed on iPhones and iPads. The vetting prevents malicious apps from making their way onto the devices, where they can then steal cryptocurrency and passwords or carry out other nefarious activities.
A post published Wednesday by security firm Sophos sheds light on two newer methods being used in an organized crime campaign dubbed CryptoRom, which pushes fake cryptocurrency apps to unsuspecting iOS and Android users. While Android permits “sideloading” apps from third-party markets, Apple requires iOS apps to come from the App Store, after they’ve undergone a thorough security review.
