
Crypto Romance Scam Targeting iPhone Users Reaching Millions


A crypto romance scam targeting iPhone users is grossing millions of dollars, new Sophos research shows.

The cybersecurity firm has released new information about an international cryptocurrency trading scam targeting iPhone users through popular dating apps, such as Bumble and Tinder.

The report shows that the operation has escalated. Attackers have moved from targeting people in Asia to people in the United States and Europe. Sophos has discovered an attacker-controlled Bitcoin wallet that contains nearly $1.4 million in cryptocurrency, allegedly collected from victims. Sophos researchers named the threat CryptoRom.

“The CryptoRom scam relies heavily on social engineering at almost every stage,” says Jagadeesh Chandraiah, senior threat researcher at Sophos.

“First of all, attackers post convincing fake profiles on legitimate dating sites. Once they have made contact with a target, the attackers suggest continuing the conversation on a messaging platform,” he says.

“They then try to persuade the target to install and invest in a bogus cryptocurrency trading app. At first the returns look pretty good, but if the victim asks for a refund or tries to access funds, it is denied and the money is lost. Our research shows that attackers are making millions of dollars with this scam.”

Double problem

In addition to stealing money, attackers can also gain access to victims’ iPhones, according to Sophos research. In this version of the attack, cybercriminals exploit Enterprise Signature, a system for software developers that helps organizations pre-test new iOS apps with selected iPhone users before submitting them to Apple’s official App Store for review and approval.

Through the functionality of the Enterprise Signature system, attackers can target larger groups of iPhone users with their bogus crypto-trading apps and gain remote management control over their devices. This means that attackers could potentially do more than just steal cryptocurrency investments from victims. They could also, for example, collect personal data, add and delete accounts and install and manage applications for other malicious purposes.

“Until recently, criminal operators mainly distributed bogus crypto apps through bogus websites that look like a trusted bank or Apple’s App Store,” says Chandraiah.

“Adding the iOS business development system presents an additional risk for victims, as they could give attackers rights to their device and the ability to steal their personal data,” he said.

“To avoid falling victim to these types of scams, iPhone users should only install apps from the Apple App Store. The rule of thumb is that if something looks risky or too good to be true, such as someone you barely know talking about a great online investing program that will pay off big, then unfortunately it probably is.”

Sophos recommends that users install a security solution on their mobile devices, such as Intercept X for Mobile, to protect iOS and Android devices from cyber threats. It is also worth securing all personal and home computers with additional protection such as Sophos Home.
