This article is more than 1 year old
Beware cool-looking beta crypto-apps. They may be money-stealing fakes
Try out a hot new thing before official launch? Something smells phishy
The FBI has warned of a scam in which criminals lure people into installing what they think are pre-release beta-grade phone apps to try out – only for the software to be laced with malware.
That malicious code may steal data from devices, access and drain online financial accounts, or completely hijack the handhelds.
By dressing up these apps as beta tests, crooks can persuade curious netizens to download and install them from outside the normal app stores, bypassing whatever passes as a review process these days. The fraudsters make sure the applications look as legit as possible, we're told, using names, images, and designs found in official apps.
The Feds says they're aware of "unidentified cyber criminals" luring marks with phishing emails or romance scams; the end result being the scammers build up a level of trust – even fake relationships – with their victims to the point where those folks are tricked into downloading and installing malicious apps.
That process may well involve walking the victim through effectively jail-breaking their device, or making changes to their settings to install apps outside of the operating system's official software store, judging from the FBI's description of the scam. The Feds talk of people being lured into downloading "a mobile beta-testing app housed within a mobile beta-testing app environment."
Unsurprisingly, these bogus apps tend to be those of cryptocurrency exchanges, with promises of fat returns on investment. The victims are fooled into entering their online financial account information into the application, believing those details will be used to transfer and invest their money, but instead the funds are sent to criminal-controlled wallets.
It's essentially a fresh twist on so-called pig-butchering scams, which the FBI has been warning about for a couple of years and are costing victims hundreds of millions of dollars.
In today's alert, the FBI also suggested some red flags that may indicate you've unknowingly downloaded a malicious app.
These include the battery draining faster than usual, or the device taking a really long time to process requests. Folks should also be on alert for unauthorized apps appearing on their phones, apps that request access to permissions that have nothing to do with their functionality, and persistent pop-up ads.
It says something about the mobile software ecosystem when the above red flags could apply to real legit applications.
- Feds seize $112m in cryptocurrency linked to 'pig-butchering' finance scams
- Romance scammers' favorite lies cost victims $1.3B last year
- INTERPOL shutters '16shop' phishing-as-a-service outfit
- 'Pig butchering' romance scam domains seized and slaughtered by the Feds
Additionally, apps that boast a ton of downloads but have no or very few reviews, and those with spelling or grammatical errors or a lack of details in the description are highly suspect, the agents said. Download at your own risk — or, better yet, just don't download them at all.
And, as always, check the developers' info and customer reviews before downloading any app to your mobile device, and do not provide personal or financial information to someone you've only met online. If someone promises you something from basically nothing, it probably is too good to be true.
Banks, healthcare offices, and other legit organizations also aren't going to ask you to provide personal, financial, or health-related information in an email – if they do, tell them that's unacceptable – and warnings out of the blue along the lines of "do X or your account will be closed" are likely fake. Double check with the source.
Other advice to live by: don't trust links in emails or text messages, and scan attachments before opening them. Keep your software up to date, and restrict app permissions, and uninstall ones that you don't use. Feel free to share more tips in the comments section. This isn't an exhaustive list, though it does feel a little "to be safe on the internet, don't do anything. At all."
Which we know isn't entirely helpful.
Here's hoping this heads-up will help you avoid becoming one of the hundreds of thousands of victims who lost more than $10.2 billion [PDF] to cybercriminals last year alone, though. ®