Beware of Fake Mobile Beta-Testing Apps, Warns FBI

United States: The FBI is warning the public that cyber criminals are embedding malicious code in mobile beta-testing apps to defraud potential victims.

Beta-testing apps are online services for testing of mobile apps prior to official release. The beta apps typically are not subject to mobile operating systems’ review processes.

Fake Mobile Beta-Testing Apps: Deceptive Lures and Tactics

The malicious apps enable theft of personally identifiable information (PII), financial account access, or device takeover. The apps may appear legitimate by using names, images, or descriptions similar to popular apps.

Cyber criminals often use phishing or romance scams to establish communication with a victim. Once they have established communication, they direct the victim to download a mobile beta-testing app housed within a mobile beta-testing app environment. The criminals promise incentives such as large financial payouts to encourage the victim to download the app.

For example, the FBI is aware of fraud schemes wherein unidentified cyber criminals contact victims on dating and networking apps. And direct them to download mobile beta-testing apps, such as cryptocurrency exchanges, that enable theft.

The victims enter legitimate account details into the app, sending money they believe will be invested in cryptocurrency. But, instead the victim funds are sent to the cyber criminals.

“If a victim downloads one of these fraudulent beta-testing apps masquerading as a legitimate cryptocurrency investment app, the app can extract money from the victim through fake investments,” reads part of FBI statement.

Indicators of Fake Beta-Testing Apps

The FBI warns of the following red flags to watch out for when dealing with mobile apps:

Mobile battery draining faster than usual
Mobile device slowing down while processing a request
Unauthorized apps installed without the user’s knowledge
Persistent pop-up ads
A high number of downloads with few or no reviews
Apps that request access to permissions that have nothing to do with the advertised functionality
Spelling or grammatical errors, vague or generic information, of a lack of details about the app’s functionality within the app description
Pop-ups that looks like ads, system warnings, or reminders

Preventive Measures

Check app developers and customer reviews before downloading.
Do not send payment to someone you have only spoken to online, even if you believe you have established a relationship with the individual.
Do not provide personal or financial information in email or message and do not respond to email or message solicitations, including links.
Do not download or use suspicious looking apps as a tool for investing unless you can verify the legitimacy of the app.
Be aware of a sense of urgency or threats, such as ‘your account will be closed’ or ‘act now’
Be wary of unsolicited attachments, even from people you know. Cyber criminals can “spoof” the return address, making it look like the message came from a trusted associate. Do not respond.
If an email, email attachment, or message seems suspicious, do not open it, even if your antivirus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the antivirus software might not have the signature.
Don’t click links in emails or text messages. Many cyber criminals use legitimate-looking messages to trick users into providing login details. Check the URL by hovering over the link and check for inconsistencies.
Scrutinize attachments and website hyperlinks contained in emails, even from people you think you know and save and scan any attachments before opening them.
Keep software up to date.
Restrict app permissions and uninstall apps you do not use.