“Some of the victims who contacted us reported that they had been instructed to install what appeared to be BTCBOX, an app for a Japanese cryptocurrency exchange. We also found fake sites that posed as the cryptocurrency mining firm BitFury peddling fake apps through TestFlight. We continue to look for other CryptoRom apps using the same approach,” Sophos wrote in their report.
TestFlight is an iOS testing platform built for software developers to run beta versions of their apps. Smaller internal tests for up to 100 users do not require an App Store review, allowing scammers to avoid security screening. Concerning CryptoRom's recent spike of activity, Apple asked users to refrain from downloading any apps from TestFlight.