Malicious App Found in the App Store to Bypass 2FA and Steal Cryptocurrency

SlowMist researchers reported the discovery in the App Store of a phishing program designed to steal user data and cryptocurrency. 

The malware imitates legitimate apps and thus ends up on the user’s device. It then prompts the victim to enter their Apple ID password. Having obtained these credentials, the attackers add their phone numbers to the trusted list for bypassing Apple’s two-factor authentication. 

This allows them to control account permissions and gain full access to its contents. To mask their activity, the hackers create additional Apple IDs and use the victim’s resources through the Family Sharing feature of the account. 

Experts warn that if such an attack targets a crypto wallet backed up to iCloud, the user could lose digital assets.

In April, two critical vulnerabilities were found in Apple’s operating systems that could allow attackers to obtain superuser privileges on a victim’s device and potentially threat to the security of crypto assets.