An international cryptocurrency “trading” scheme that targets iPhone users through popular dating apps such as Bumble and Tinder has already taken in nearly $1.4 million, allegedly collected from victims. A report by cybersecurity firm Sophos detailing the latest findings shows that the operation has grown: the attackers have expanded beyond Asia and now target users in the United States and Europe. Sophos researchers have code-named the threat “CryptoRom”.
“The CryptoRom scheme relies heavily on social engineering at almost every stage,” says Jagadeesh Chandraiah, senior threat researcher at Sophos. “First, attackers post convincing fake profiles on legitimate social networking sites. After making contact with a target, they suggest continuing the conversation on a messaging platform. So they try to persuade the target to install and invest in a fake cryptocurrency trading application,” he explains.
According to Chandraiah, at first the returns look very good, but if the victim asks for the money back or tries to access the funds, they are refused and the money is lost. “Our research shows that criminals are earning millions of dollars from this scam,” he adds.
In addition to stealing money, attackers can also gain access to victims’ iPhones, according to Sophos researchers. In this version of the attack, cybercriminals leverage Enterprise Signature, a system for software developers that helps organizations pretest new iOS apps with select iPhone users before submitting them to the official App Store for review and approval.
Using the Enterprise Signature system, attackers can target larger groups of iPhone users with their fake cryptocurrency apps and gain remote management control over their devices. This means that criminals can do more than just steal cryptocurrency investments. They can also, for example, collect personal data, add and remove accounts, and install and manage applications for other malicious purposes.
“Until recently, cybercriminals distributed the fake encryption apps through fake websites that resemble a trusted bank or Apple’s App Store,” Chandraiah points out. “The addition of the iOS enterprise developer system poses more risk to victims because they can hand over to attackers the rights to their devices and the ability to steal their personal data. To avoid falling into these types of scams, iPhone users should only install apps from the official App Store. The golden rule is that if something sounds risky or too good to be true — like someone you barely know talking about some ‘great’ online investment scheme that will make a big profit — it probably is.”