(MENAFN– NewsBytes) Leading cybersecurity firm Sophos has recently published a report that highlighted how a cryptocurrency trading scam targeting iPhone users is now bigger than ever. Codenamed CryptoRom, the threat propagates through dating apps like Bumble and Tinder and has so far duped victims to the tune of at least $1.4 million using fake cryptocurrency trading apps. Here’s how you can dodge this bullet.

Baiting: Attackers snag victims on Tinder, Bumble

According to Sophos senior threat researcher Jagadeesh Chandraiah, CryptoRom relies heavily on social engineering and manipulation, but in some respects it is an age-old phishing scam. For starters, the bad actors create convincing fake profiles on dating apps, including Tinder and Bumble. Then, they engage with people and acquire targets. The attackers then suggest continuing the conversation on another messaging platform.

Modus operandi: Scammers use fake app to encourage investment, refuse withdrawal requests

Subsequently, the attackers convince targets to install a fake cryptocurrency trading app and invest in it. The app is reportedly rigged to deliver promising returns initially. If the victim balks and attempts to withdraw their gains or original investment, requests are refused and the money is lost. Sophos found that the scammers are stealing millions using this method.

Hacking: Attackers misuse Apple’s Enterprise Signature system to hack iPhones

Alarmingly, the attackers don’t stop at stealing money. They gain control of the victim’s iPhone as well. This is done through the fake crypto trading app, which is signed using Apple’s Enterprise Signature system, a system intended for developers and organizations to test applications before submitting them to the App Store for review. Sophos said the Enterprise Signature system helps attackers target larger swathes of iPhone users.

There is hope: Attackers can remotely access the victim’s device

Once compromised, the attackers can remotely access the victim’s device and collect personal data, add and remove accounts, and install or remove applications for malicious purposes. However, we believe a possible deterrent to the spread of this scam is that the attackers need to manually engage with potential victims on a dating app, slowing down their efforts.

Staying safe: Sounds too good to be true? Then it probably is

To stay safe from such scams, always make sure to install applications only from trusted app stores such as the Apple App Store and Google Play Store. Additionally, if a scheme to make money sounds too good to be true or if an unknown person promises great returns, chances are you are being lured into a scam. Keep your wits about you when online.

