Skip to content
illustration of a shark fin swimming around in a smartphone screen on an orange background

Illustration by iStock; Security Management

FBI Issues Warning of Beta-Testing App Scams

Excited to try that never-before-seen mobile cryptocurrency investing app? Maybe think twice before you download it. The FBI issued a warning earlier this week that cybercriminals are embedding malicious code in mobile beta-testing apps to defraud potential victims.

These beta apps are designed to test mobile applications before their official release, so they are not usually subject to mobile operating systems’ review processes, the FBI said. Fake apps that appear to copy legitimate names, images, or descriptions enable the creators to steal personally identifiable information (PII), access financial accounts, or take over devices.

“The FBI is aware of fraud schemes wherein unidentified cyber criminals contact victims on dating and networking apps and direct them to download mobile beta-testing apps, such as cryptocurrency exchanges, that enable theft,” the FBI public service announcement said. “The victims enter legitimate account details into the app, sending money they believe will be invested in cryptocurrency, but instead the victim funds are sent to the cyber criminals.”

Wondering if you downloaded a fake or malicious app? The FBI called out a few red flags:

  • Mobile battery draining faster than usual

  • Mobile device slowing down while processing a request

  • Unauthorized apps installed without the user’s knowledge

  • Persistent pop-up ads

  • A high number of downloads with few or no reviews

  • Apps that request access to permissions that have nothing to do with the advertised functionality

  • Spelling or grammatical errors, vague or generic information, of a lack of details about the app’s functionality within the app description

  • Pop-ups that look like ads, system warnings, or reminders

The FBI also provided some straightforward recommendations for consumers who might come across a malicious or fake app, including checking app developers and customer reviews before downloading any apps; not sending payments to someone you only met online; not providing personal or financial information in emails or online messages; be aware of messages that convey a sense of urgency or threats, such as “your account will be closed;” be wary of unsolicited attachments—even from people you know; and the classic standby—do not click links in emails or text messages.

For more on mobile device security, check out the August issue of Security Technology: Smartphones for Strategic Security.

Check back with Security Management on Monday, 21 August, for more reporting about cryptocurrency fraud and crime trends.