Hackers are always looking for new and novel ways to get their malicious apps onto your smartphone, from infiltrating legitimate app stores to tricking you into sideloading them. The FBI is well aware of their tactics, however, which is why the government agency has issued a warning on a new technique currently being used by cybercriminals to do just that.
As reported by Phone Arena, hackers have begun embedding malicious code into beta versions of popular apps in an effort to drain the bank accounts of unsuspecting users. Unlike apps in official app stores which go through rigorous testing, beta apps aren’t typically subject to the security reviews that Google puts the other apps in the Play Store through.
As such, the malicious code in these beta apps remains hidden before being activated once installed on a vulnerable smartphone. Even the best phones with the latest security updates installed are susceptible to this new scam, which is why you need to be careful when installing any new apps—especially apps that are still in the beta phase.
Impersonating popular apps
According to its report on the matter, the FBI says that many of these malicious beta apps use names, app icons and descriptions similar to legitimate apps in order to appear more trustworthy. This can lead potential victims into installing an app they might otherwise avoid.
To distribute their malicious beta apps, the hackers behind this campaign are using phishing emails as well as romance scams. While an email suggesting you install the beta version of an app might be ignored, the hackers are also reaching out to potential victims on dating apps and social media to convince them to install one of these fraudulent apps.
Once installed on a victim’s smartphone these beta apps perform a number of malicious activities, from accessing your financial apps to stealing personal data and even taking complete control over your smartphone.
Many of these beta apps also impersonate cryptocurrency exchanges in order to steal digital currency from victims. While a user might think they’re investing in the next Bitcoin, they’re actually sending their cash directly to hackers instead.
While the FBI hasn’t named these malicious beta apps outright, for the time being, it’s probably best to avoid installing beta versions of apps altogether. Instead, you should wait until an app is available in an official store like the Play Store before installing it. That way, you can check its rating and read reviews to do the proper research before putting the app on your smartphone.
How to stay safe from malicious apps
Staying safe from malicious apps requires a two-step approach. First off you should be using antivirus software on your smartphone just like you do on your computer. Secondly, you want to limit the number of apps on your devices while also being extra critical of any new apps you install.
If you’re using an Android smartphone, then you’re going to want to install one of the best Android antivirus apps to stay safe from malicious apps, mobile malware and other cyber threats. Google Play Protect is a free alternative that comes pre-installed on most Android phones if you’re on a tight budget, and it also scans all of your existing apps and any new ones you download for malware.
With one of the best iPhones, things aren’t that simple as Apple restricts apps from scanning for malware on iOS. Fortunately, there is a workaround as Intego Mac Internet Security X9 and Intego Mac Premium Bundle X9 are the only Mac antivirus software solutions that can scan an iPhone or iPad for malware. However, there is a catch as your device needs to be connected to your Mac using a USB cable.
The FBI also has some red flags to look out for to help you spot any malicious apps installed on your smartphone. These include your battery draining faster than usual, poor performance, persistent pop-up ads and apps that request unnecessary permissions.
Hackers will also come up with new ways to trick users into installing their malicious apps but it’s up to you to think carefully and consider whether or not an app is worth installing in the first place. With enough consideration, you’ll likely realize that a lot of apps are too risky to install on your smartphone, especially since our phones now hold so much of our personal and financial data.
More from Tom's Guide
Get the BEST of Tom’s Guide daily right in your inbox: Sign up now!
Upgrade your life with the Tom’s Guide newsletter. Subscribe now for a daily dose of the biggest tech news, lifestyle hacks and hottest deals. Elevate your everyday with our curated analysis and be the first to know about cutting-edge gadgets.
Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.