Bueller? Anyone? FWIW I don't want to do this, I want to help someone not have this done to them again.
Discussion
🦗🦗🦗 wish I could help
A few different ways. It could be a supply chain attack, as in the application's code base gets taken over by somebody, and what looks like a regular update puts malicious code on their device.
Or a lot of apps dynamically load code from remote servers, so somebody could take over one of those remote servers and inject something malicious into it.
There could be a compromise in their software development kits or SDKs, meaning that a library that somebody is using could unknowingly get compromised, therefore putting malicious code in an app without realizing it.
I'm sure there are other ways that I'm missing too.
I guess arguably those are all variations of supply chain attacks. But based on the scenario you provided, that's kind of how it could happen.
The app is for a major crypto exchange, so I don't think it was on the supply side or there would probably be major news, unless they just aren't aware of it, but thanks for that. I imagine this person clicked some link and just doesn't remember or didn't know it was a link.
That's probably the most likely scenario.
But you never know. Vulnerabilities or malicious code can be floating around for years and not get noticed. Wouldn't be the first time it happened.