Back to Back Issues Page
Watch For Scams Newsletter. Beware malware posing as beta versions of legitimate apps
August 28, 2023

Beware malware posing as beta versions of legitimate apps

Watch For Scams is dedicated to helping you avoid becoming a victim of fraud.

If you like this ezine, do a friend a big favor and forward this to them. If a friend forwarded this to you, and if you like what you read, please subscribe by visiting the link below:

Subscribe Here

Beware malware posing as beta versions of legitimate apps

The FBI has issued a warning that cybercriminals are embedding malicious code in mobile beta-testing apps in attempts to defraud potential victims. The victims are typically contacted on dating sites and social media, and in some cases they are promised incentives such as large financial payouts.

Beta-testing apps are new versions of software that are undergoing their final tests and aren't quite ready to be officially released. In the legitimate software ecosystem, beta testing gives users a chance to improve their favorite apps and get early access to new features.

For criminals, "beta-testing" apps offer a plausible reason for victims to download software from unsafe places, away from the usual app stores, without raising their suspicions.

To make the apps look legitimate the criminals use familiar looking names, images, or descriptions that are similar to popular apps. Embedded in the apps is malicious code used to defraud the victim or compromise the device.

The agency says it’s aware of fraud schemes where the victims are contacted and directed to download mobile beta-testing apps, such as cryptocurrency exchanges, that steal money instead of investing it.

The FBI has highlighted in the past that scammers haunt forums and comments sections, looking for victims who have lost cryptocurrency to fraud, scams, and theft. The scammers claim to provide cryptocurrency tracing and promise to recover lost funds.

These recovery scheme fraudsters will charge an up-front fee and either cease communication after receiving the initial deposit, or they will produce an incomplete or inaccurate tracing report and claim they need additional fees to recover the funds.

The fraudsters will even go as far as to claim they are affiliated with law enforcement or legal services to appear legitimate. It is important to realize that private sector recovery companies cannot issue seizure orders to recover cryptocurrency.

Stay Safe

Beta-testing can be fun and rewarding, but check that you are testing the app from a legitimate source and trusted developer.

1. Do not send payment to someone you have only spoken to online, even if you believe you have established a relationship with them. Scammers specialize in making you think that.

2. Do not provide personal or financial information in email or messages, and do not respond to email or message solicitations, including links.

3. Do not download or use suspicious looking apps as a tool for investing unless you can verify the legitimacy of the app.

4. Shy away from advertisements for cryptocurrency recovery services. Research the advertised company and beware if the company uses vague language, has a minimal online presence, and makes promises regarding an ability to recover funds. Do not make things even worse.

Law enforcement does not charge victims a fee for investigating crimes. If someone claims an affiliation with the FBI, contact your local FBI field office to confirm.

If you believe you have been a victim of this type of scam you should promptly report it to the IC3's website at The IC3's complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration.

Remember - always watch for scams!


Back to Back Issues Page