How these apps will affect users
As per the warning report, these malicious apps help hackers to steal personally identifiable information (PII), access financial accounts or perform complete device takeover. The FBI warned that the apps may appear legitimate as they will use names, images or descriptions similar to popular apps.
How hackers are misusing the apps
Cybercriminals often use phishing or romance scams to establish communications with the victim. Then they direct the victim to download a mobile beta-testing app promising incentives like large financial payouts.
The FBI has discovered fraud schemes wherein unidentified attackers contact victims on dating and networking apps. Then they ask the victim to download mobile beta-testing apps like cryptocurrency exchanges. This allows the hackers to steal the victim’s information.
These apps ask the victims to enter legitimate account details into the app, sending money they believe will be invested in cryptocurrency, but instead the victim funds are sent to the cybercriminals.
If a victim downloads one of these fraudulent beta-testing apps masquerading as a legitimate cryptocurrency investment app, the app can extract money from the victim through fake investments.
Red flags for such malicious apps
FBI has recommended some indicators that will help users to identify these malicious apps:
- Mobile battery draining faster than usual
- Mobile device slowing down while processing a request
- Unauthorised apps installed without the user’s knowledge
- Persistent pop-up ads
- A high number of downloads with few or no reviews
- Apps that request access to permissions that have nothing to do with the advertised functionality
- Spelling or grammatical errors, vague or generic information, or a lack of details about the app’s functionality within the description
- Pop-ups that look like ads, system warnings, or reminders
The FBI has also offered a few other recommendations for user safety:
- Check app developers and customer reviews before downloading.
- Do not send payment to someone you have only spoken to online, even if you believe you have established a relationship with the individual.
- Do not provide personal or financial information in email or message and do not respond to email or message solicitations, including links.
- Do not download or use suspicious-looking apps as a tool for investing unless you can verify the legitimacy of the app.
- Be aware of a sense of urgency or threats, such as ‘your account will be closed’ or ‘act now’
- Be wary of unsolicited attachments, even from people you know. Cybercriminals can “spoof” the return address, making it look like the message came from a trusted associate. Do not respond.
- If an email, email attachment, or message seems suspicious, do not open it, even if your antivirus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the antivirus software might not have the signature.
- Don’t click links in emails or text messages. Many cyber criminals use legitimate-looking messages to trick users into providing login details. Check the URL by hovering over the link and check for inconsistencies.
- Scrutinise attachments and website hyperlinks contained in emails, even from people you think you know and save and scan any attachments before opening them.
- Keep software up to date.
- Restrict app permissions and uninstall apps you do not use.
- The FBI requests victims report fraudulent, suspicious or criminal activity to the
FBI Internet Crime Complaint Center at www.ic3.gov.