{"id":82134,"date":"2023-07-25T12:07:58","date_gmt":"2023-07-25T09:07:58","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=82134"},"modified":"2025-09-12T03:17:30","modified_gmt":"2025-09-12T00:17:30","slug":"malicious-app-found-in-the-app-store-to-bypass-2fa-and-steal-cryptocurrency","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/malicious-app-found-in-the-app-store-to-bypass-2fa-and-steal-cryptocurrency\/","title":{"rendered":"Malicious App Found in the App Store to Bypass 2FA and Steal Cryptocurrency"},"content":{"rendered":"<p>SlowMist researchers <a href=\"https:\/\/twitter.com\/IM_23pds\/status\/1683639652908167168\">reported<\/a> the discovery in the App Store of a phishing program designed to steal user data and cryptocurrency.\u00a0<\/p>\n<p>The malware imitates legitimate apps and thus ends up on the user&#8217;s device. It then prompts the victim to enter their Apple ID password. Having obtained these credentials, the attackers add their phone numbers to the trusted list for bypassing Apple&#8217;s two-factor authentication.\u00a0<\/p>\n<p>This allows them to control account permissions and gain full access to its contents. To mask their activity, the hackers create additional Apple IDs and use the victim&#8217;s resources through the Family Sharing feature of the account.\u00a0<\/p>\n<p>Experts warn that if such an attack targets a crypto wallet backed up to iCloud, the user could lose digital assets.<\/p>\n<p>In April, two critical vulnerabilities were found in Apple\u2019s operating systems that could allow attackers to obtain superuser privileges on a victim\u2019s device and potentially <a href=\"https:\/\/forklog.com\/en\/news\/flaws-in-ios-and-macos-threaten-users-crypto-assets\">threat to the security of crypto assets<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>SlowMist researchers reported the discovery in the App Store of a phishing program aimed at stealing user data and cryptocurrency.<\/p>\n","protected":false},"author":1,"featured_media":82135,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1112,44,2150],"class_list":["post-82134","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-apple","tag-cybercrime","tag-two-factor-authentication"],"aioseo_notices":[],"amp_enabled":true,"views":"17","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/82134","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=82134"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/82134\/revisions"}],"predecessor-version":[{"id":82136,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/82134\/revisions\/82136"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/82135"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=82134"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=82134"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=82134"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}