The Federal Bureau of Investigation (FBI) has issued a new warning about criminals making use of beta-testing apps to steal critical personal information of victims.
Beta-testing apps are services that allow for testing mobile apps before they are officially released. Such apps are usually not subject to the review processes of a mobile operating system. “Cyber-criminals are embedding malicious code in mobile beta-testing applications (apps) to defraud potential victims,” the FBI said in a public service announcement on Aug. 14.
“Cyber-criminals often use phishing or romance scams to establish communications with the victim, then direct the victim to download a mobile beta-testing app housed within a mobile beta-testing app environment, promising incentives such as large financial payouts.”
Potential red flags of a malicious app include faster draining of mobile battery; cell phone slowing down when processing a request; installation of unauthorized apps without the knowledge of the user; and exposure to persistent pop-up ads.
“The malicious apps enable theft of personally identifiable information (PII), financial account access, or device takeover. The apps may appear legitimate by using names, images, or descriptions similar to popular apps.”
Some malicious apps may request access to permissions that have nothing to do with its stated functionality. If an app description has spelling and grammatical errors or contains vague, generic information while details of functionality are absent, the app could be malicious, the FBI warned.
The agency recommended users to check app developer and customer reviews prior to downloading an app, restrict app permissions, and uninstall apps not in use.
“The FBI is aware of fraud schemes wherein unidentified cyber-criminals contact victims on dating and networking apps and direct them to download mobile beta-testing apps, such as cryptocurrency exchanges, that enable theft,” the agency said.
“The victims enter legitimate account details into the app, sending money they believe will be invested in cryptocurrency, but instead the victim funds are sent to the cyber criminals.”
If a person were to download such fraudulent apps that masquerade as a legitimate crypto investment app, they may end up losing money through fake investments, the FBI said.
The agency asked people to avoid sending payment to any person with whom they have only spoken online, “even if you believe you have established a relationship with the individual.”
It recommended people to avoid opening an email, email attachment, or message if they look suspicious even if the installed antivirus software claims that they are clean. Unsolicited attachments should be treated with wariness, even when they come from known individuals, the agency warned.
“Do not download or use suspicious looking apps as a tool for investing unless you can verify the legitimacy of the app … Be aware of a sense of urgency or threats, such as ‘your account will be closed‘ or ’act now.’”
Crypto-Romance Scam
The FBI warned Americans about romance scammers targeting victims with fake crypto-investments earlier this year. The agency is anticipating a “higher reported financial loss” through romance scams in 2023 due to a trend of such scams pressuring victims to invest in cryptocurrencies.
“Year after year, romance scams result in one of the highest reported financial losses when compared to other internet-facilitated crimes. According to a preliminary report from the FBI’s Internet Crime Complaint Center (IC3), a total of 19,050 victims reported losing $739,030,292 to romance scammers in 2022,” the agency said in a Feb. 13 news release.
A crypto-scam starts similar to an online relationship, the FBI notes.
“To demonstrate the returns on investment, victims are directed to websites that appear authentic but are instead controlled by the scammer. Once the victim makes a purchase, they are denied the ability to cash out their investments and the scammer cuts off contact.”
In April last year, the FBI warned about a “pig butchering” scam that pulls on the “heartstrings and purse strings” of the victims.
The fraud is named for the way in which scammers feed potential victims with promises of romance and riches. The scam began in China in 2019, and is now becoming more prevalent in the United States.
Defrauding People Through Romance
According to the FBI, the intention of romance scammers is to establish a relationship with a victim as quickly as possible and gain trust. Scammers may propose plans to meet in person and even marry. However, such things will never happen, the agency says on its website.Such scammers tend to claim that they are engaged in projects outside the United States, which gives them an excuse for why they are unable to meet the victim. This also gives them an opportunity to ask for money by citing a medical emergency or unexpected legal fee.
The FBI advised people to research the photo and profile of the person they met online using online searches to see whether the data have been used elsewhere.
“Beware if the individual seems too perfect or quickly asks you to leave a dating service or social media site to communicate directly.
“Beware if the individual attempts to isolate you from friends and family or requests inappropriate photos or financial information that could later be used to extort you.”
