FBI warns cryptocurrency app beta-testers of malware menace

Are you the kind of person who runs the beta-test versions of mobile apps before they are officially released.  If so, the FBI is warning you to be on your guard.

An FBI public service announcement released earlier this week warns that cybercriminals are hiding malicious code inside the beta versions of mobile apps in an attempt to commit fraud.

According to the FBI, the malicious apps allow cybercriminals to steal personal information, break into financial accounts, and hijack control of infected smartphones. Often fraudsters will gain the confidence of their intended victim (perhaps through a dating site or phishing email), before directing them to download the beta-test version of a mobile app, promising to allow them to make big gains from cryptocurrency investments.

The fraudulent app will often masquerade as the beta-test version of a cryptocurrency exchange app, which tricks users into making fund payments which do not end up being invested at all - but instead fill the pockets of cybercriminals.

Anyone entering their cryptocurrency exchange account details into a bogus app, are effectively handing the keys to their investments straight into the hands of criminals.

According to the report, such scams are successful in part because beta-test apps do not receive the same level of OS security checks as other apps, meaning malicious code may slip through unspotted.

The FBI offers a number of signs to look out for which may indicate a malicious app:

• Mobile battery draining faster than usual
• Mobile device slowing down while processing a request
• Unauthorized apps installed without the user's knowledge
• Persistent pop-up ads
• A high number of downloads with few or no reviews
• Apps that request access to permissions that have nothing to do with the advertised functionality
• Spelling or grammatical errors, vague or generic information, of a lack of details about the app's functionality within the app description
• Pop-ups that looks like ads, system warnings, or reminders

So what should you do?

The FBI's advice is that you should keep your devices properly updated with the latest patches, restrict the permissions of what apps are allowed to do on your smartphone, and uninstall any apps that you do not use.

You would also be wise to be on your guard against phishing emails and unusual out-of-character communications, even if they appear to have been sent from your friends or family. It's simple for criminals to forge email headers to make a message appear to have come from someone else, and it's also not unusual for malicious hackers to compromise innocent people's accounts from which to phish others.

Finally, the FBI offers some sage advice for anyone who has been tempted to trust someone that they have never met in real life:

"Do not send payment to someone you have only spoken to online, even if you believe you have established a relationship with the individual."