Malicious app in Apple’s official store allows cryptocurrency theft

Apple faces a new controversy related to its official App Store platform. One user claims that the company allowed a malicious app to be hosted in its official store, which enabled a hacking group to steal more than $600,000 USD in Bitcoin.

The affected user, Phillipe Christodoulou, says that the app he installed on his iPhone was supposedly connected to the servers of Trezor, one of the most prominent companies developing solutions for cryptocurrency investors. Needless to say, this was a malicious app unrelated to Trezor.

Christodoulou claims that shortly after installation, the threat actors behind this app were able to steal all of his virtual assets, something not even Trezor’s support teams were aware of: “My trust towards them has been betrayed; this is Apple’s responsibility and they don’t deserve to get away with it,” Christodoulou added in an interview with the specialized Apple Insider platform.

Apple, for its part, has already responded to these accusations, stating that the developers of the malicious app may have dodged its security mechanisms with unforeseen updates or by completely altering the app’s features immediately after it was authorized for publication on the App Store.

Subsequently, an Apple spokesperson noted that the developers of the fraudulent app never indicated that it offered cryptocurrency services, so the app was available from the beginning of 2021 until a couple of weeks ago: “User trust is the basis of why we created the App Store, and we have only deepened that commitment in the most recent years,” spokesman Fred Sainz explained.

Apple has been very clear in its response to the affected user’s complaints, so some cybersecurity experts have no doubt that Christodoulou will turn to other authorities to have the incident investigated.

Installing malicious apps remains one of the main problems for smartphone users, so keep in mind some recommendations for identifying potentially malicious apps:

  • Check the name of the application
  • Read the reviews, especially the comments section in official stores
  • Check the date of publication
  • If it’s a paid app, always check whether it comes with any unusual offer
  • Search for screenshots showing the app’s features
  • Visit developers’ websites for more information
  • Check the requested permissions
