Fake Meta Ads Manager in App Store and TestFlight used to phish Meta ad accounts
Blog post from Sublime Security
Sublime's Attack Spotlight series, which covers malware, ransomware and credential phishing threats, examines a campaign in which attackers used both Apple's TestFlight beta-distribution platform and the App Store to deliver a fake Meta Ads Manager app to Apple devices and phish Meta ad accounts. The lure emails impersonated the Meta brand, were sent from freemail domains, and used homoglyph substitutions in brand strings to evade simple string-matching detection. In the TestFlight variant, targets first had to install the TestFlight app from the App Store and then install the fake app through TestFlight; in the App Store variant, the email linked directly to the malicious app's App Store listing. Sublime's AI-powered detection identified and blocked the emails on signals such as brand impersonation and suspicious sender behavior, and the malicious app was subsequently removed from the App Store. The case shows why email security needs adaptive detection that combines AI and machine learning with these behavioral signals, and why vigilance matters as malware increasingly reaches personal devices through email.
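The three sender-side signals named above (brand name in the display name or subject, freemail sending domain, homoglyph substitution) can be checked with a small amount of header analysis. The following is an added, constructed example and is not Sublime's detection logic or code from the original post; the confusables table, the freemail list, the brand domain list and the sample messages are all illustrative assumptions. It folds look-alike characters to an ASCII "skeleton" so that a display name such as "Мeta" (Cyrillic M) matches the brand, and then scores the message on which signals fire.

```python
import unicodedata
from email.utils import parseaddr

# Constructed subset of look-alike characters (assumption: a production
# detector would use the full Unicode confusables table).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0442": "t", "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j",
    "\u043c": "m", "\u043d": "h", "\u043a": "k",          # Cyrillic
    "\u03bf": "o", "\u03b1": "a", "\u03bd": "v", "\u03b5": "e",  # Greek
    "\u0131": "i",                                          # dotless i
}
# Digit/symbol substitutions, applied only inside words that contain letters
# so that genuine numbers such as "2024" are left alone.
LEET = {"0": "o", "1": "l", "3": "e", "@": "a", "$": "s"}

# Assumed lists for the example; tune to your environment.
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com", "proton.me"}
BRAND_DOMAINS = {"meta.com", "facebook.com", "facebookmail.com"}
BRAND_TERMS = {"meta", "facebook", "meta ads"}


def skeleton(text):
    """Lowercase ASCII skeleton: NFKC-normalise, map confusables, drop accents."""
    text = unicodedata.normalize("NFKC", text).lower()
    words = []
    for word in text.split():
        has_alpha = any(c.isalpha() for c in word)
        chars = []
        for ch in word:
            ch = CONFUSABLES.get(ch, ch)
            if has_alpha:
                ch = LEET.get(ch, ch)
            for base in unicodedata.normalize("NFD", ch):
                if unicodedata.category(base).startswith("M"):
                    continue  # strip combining marks, e.g. 'é' -> 'e'
                chars.append(base)
        words.append("".join(chars))
    return " ".join(words)


def mentions_brand(text):
    """Brand match on the raw (NFKC, lowercased) text, without confusable folding."""
    raw = unicodedata.normalize("NFKC", text).lower()
    return any(term in raw for term in BRAND_TERMS)


def analyze(from_header, subject):
    """Return the sorted list of signals that fire for one message."""
    display_name, address = parseaddr(from_header)
    domain = address.rsplit("@", 1)[-1].lower()
    combined = f"{display_name} {subject}"

    raw_hit = mentions_brand(combined)
    folded_hit = any(term in skeleton(combined) for term in BRAND_TERMS)

    signals = []
    if folded_hit and not raw_hit:
        # Brand only appears after confusable folding: look-alike characters used.
        signals.append("homoglyph_substitution")
    if folded_hit and domain not in BRAND_DOMAINS:
        signals.append("brand_impersonation")
    if domain in FREEMAIL_DOMAINS:
        signals.append("freemail_sender")
    return sorted(signals)


def is_suspicious(from_header, subject):
    """Brand impersonation from a non-brand domain is enough to flag the message."""
    return "brand_impersonation" in analyze(from_header, subject)


# Constructed sample messages (not from the campaign described in the post).
SAMPLES = [
    ("\u041ceta Ads Manager <metaads.support@gmail.com>", "Your ad account has been restricted"),
    ("Meta for Business <noreply@facebookmail.com>", "Your weekly ad report"),
    ("Alice <alice@gmail.com>", "Lunch?"),
]

if __name__ == "__main__":
    for from_header, subject in SAMPLES:
        print(from_header, "|", subject, "->", analyze(from_header, subject))
```

The skeleton comparison is the part that matters for homoglyphs: matching on the raw header misses "Мeta", while folding first makes the brand term visible and also records that folding was needed, which is itself a strong signal. A freemail sender alone is not flagged, since plenty of legitimate mail comes from such domains; it only adds weight when a brand is being claimed.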