The Federal Bureau of Investigation is warning the public that cyber criminals are embedding malicious code in mobile beta-testing apps in order to defraud potential victims.
In a Monday public service announcement, the agency said that the malicious apps enable the theft of personally identifiable information, financial account access or device takeover.
The beta-testing apps may appear legitimate by using names, images or descriptions similar to popular apps.
Beta-testing apps are online services that allow mobile app testing prior to official release and are typically not subject to mobile operating systems’ review processes.
Notably, cyber criminals often use phishing or romance scams in order to establish communications with the victim. Then, they direct the victim to download a mobile beta-testing app within a mobile beta-testing app environment, promising incentives such as financial payouts.
“The FBI is aware of fraud schemes wherein unidentified cyber criminals contact victims on dating and networking apps and direct them to download mobile beta-testing apps, such as cryptocurrency exchanges, that enable theft,” the warning noted. “The victims enter legitimate account details into the app, sending money they believe will be invested in cryptocurrency, but instead the victim funds are sent to the cyber criminals.”
Should a victim download one of these fraudulent beta-testing apps that is masquerading as a legitimate cryptocurrency investment app, the app can extract money from the victim via fake investments.
The FBI says there are a number of red flags indicating that a beta-testing app may be malicious.
Those include a mobile battery draining more rapidly than usual, a device slowing down while processing a request, unauthorized apps installed, persistent pop-up ads, a high number of downloads with no or few reviews, spelling or grammar errors, vague or generic information, pop-ups that look like ads, system warnings or reminders and apps that request access to permissions that have nothing to do with the advertised functionality.
Individuals should check app developers and customer reviews before downloading, and should not download or use suspicious-looking apps. They should not send payments to people they have only spoken to online, and should not provide personal or financial information in email or message or respond to email or message solicitations. They should be alert regarding a sense of urgency or threats and be wary of unsolicited or suspicious attachments, should not click links in emails or text messages, and should scrutinize attachments and website hyperlinks in emails. They should also keep software up to date, restrict app permissions and uninstall apps that are not used.
The FBI requests victims report fraudulent, suspicious or criminal activity to the FBI Internet Crime Complaint Center at www.ic3.gov.