Beta Apps – Cyber Criminals Targeting Victims through Mobile Beta-Testing Designated Applications
Beta App Danger
Beta-testing apps are software applications that are still under development and are normally not yet released to the public. They are often made available to a select group of users who volunteer to test the apps and provide feedback to the developers.
There are a number of dangers associated with installing beta apps on your devices. First, these apps are not as thoroughly tested as the final versions of the apps, which means that they may contain bugs or security vulnerabilities. These vulnerabilities could be exploited by hackers to gain access to your device or steal your data.
Second, beta apps are often not available through official app stores, such as the Apple App Store or the Google Play Store. This means that they are not subject to the same security checks as apps that are available through these stores. This makes it more likely that these apps contain malware or other malicious software. However, it appears that the app stores are much more tolerant of ‘beta’ designated apps and have been allowing them in their app stores with much less security.
In recent years, there have been a number of cases where beta apps have been used to bypass app security and deliver scamware or malware. In one case, a beta version of the popular game Fortnite was used to deliver a malicious app that infected users’ devices with ransomware. In another case, a beta version of the Facebook app was used to deliver a scam app that tricked users into giving away their personal information.
If you are considering installing a beta app, it is important to be aware of the risks involved. Only install apps from trusted sources and be sure to read the reviews before installing. You should also keep your device’s security software up to date.
FBI Beta App Warning
The FBI is warning the public that cybercriminals are embedding malicious code in mobile beta-testing applications (beta apps) to defraud potential victims. Beta-testing apps are online services for testing mobile apps prior to the official release. The beta apps typically are not subject to mobile operating systems’ review processes.
The malicious beta apps enable theft of personally identifiable information (PII), financial account access, or device takeover. The apps may appear legitimate by using names, images, or descriptions similar to popular apps. Cybercriminals often use phishing or romance scams to establish communications with the victim, then direct the victim to download a mobile beta app housed within a mobile beta-testing app environment, promising incentives such as large financial payouts.
The FBI is aware of fraud schemes wherein unidentified cybercriminals contact victims on dating and networking apps and direct them to download mobile beta apps, such as cryptocurrency exchanges, that enable theft. The victims enter legitimate account details into the app, sending money they believe will be invested in cryptocurrency, but instead, the victim funds are sent to the cybercriminals.
If a victim downloads one of these fraudulent beta-testing apps masquerading as a legitimate cryptocurrency investment app, the app can extract money from the victim through fake investments.
BETA APP INDICATORS
Red flags of any malicious app include:
- Mobile battery draining faster than usual
- Mobile device slowing down while processing a request
- Unauthorized apps installed without the user’s knowledge
- Persistent pop-up ads
- A high number of downloads with few or no reviews
- Apps that request access to permissions that have nothing to do with the advertised functionality
- Spelling or grammatical errors, vague or generic information, or a lack of details about the app’s functionality within the app description
- Pop-ups that look like ads, system warnings, or reminders
BETA APP RECOMMENDATIONS
- Check the app developers and customer reviews before downloading.
- Do not send payment to someone you have only spoken to online, even if you believe you have established a relationship with the individual.
- Do not provide personal or financial information in email or message and do not respond to email or message solicitations, including links.
- Do not download or use suspicious-looking apps as a tool for investing unless you can verify the legitimacy of the app.
- Be aware of a sense of urgency or threats, such as ‘your account will be closed’ or ‘act now’.
- Be wary of unsolicited attachments, even from people you know. Cybercriminals can “spoof” the return address, making it look like the message came from a trusted associate. Do not respond.
- If an email, email attachment, or message seems suspicious, do not open it, even if your antivirus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the antivirus software might not have the signature.
- Don’t click links in emails or text messages. Many cyber criminals use legitimate-looking messages to trick users into providing login details. Check the URL by hovering over the link and checking for inconsistencies.
- Scrutinize attachments and website hyperlinks contained in emails, even from people you think you know, and save and scan any attachments before opening them.
- Keep software up to date.
- Restrict app permissions and uninstall apps you do not use.
Here are some tips to help you stay safe when installing beta-testing apps:
- Only install apps from trusted sources, such as the official app stores for your device, from trusted app developers and publishers.
- Read the reviews of the app before installing it.
- Keep your device’s security software up to date. SCARS uses Malwarebytes.
- Be careful about what permissions you grant to the app.
- If you have any concerns about an app, don’t install it.
- If you have any apps that you do not really know, uninstall them.
- If you use your device for online banking, do not install any questionable apps such as games! Your banking security comes first!
By following these tips, you can help protect yourself from the dangers of installing beta apps.