Cybersecurity researchers sharede information about a scam to cryptocurrency trading which attacks iPhone users via popular dating platforms such as Bumble and Tinder.
Named CryptRom by researchers at Sophos , l 'scam initially targeting people in Asia, and now attacking users in the US and Europe too.
A Bitcoin wallet belonging to attackers reveals that the actors of the threat hit nearly $ 1.4 millions in cryptos from the scam. TechRadar needs you!
We take a look at how our readers are using VPNs with streaming sites like Netflix so that we can improve our content and offer better advice. This survey will take no more than 60 seconds of your time, and we would be very grateful if you could share your experiences with us.
>> Click here to start the survey in a new window <
"The CryptoRom scam relies heavily on social engineering at almost every stage, ”said Jagadeesh Chandraiah, senior threat researcher at Sophos, adding that the new scam has the potential to do much more damage. than simply stealing cryptos.
Gateway to Scams
To unravel the scam, Sophos says threat actors start by posting fake profiles on legitimate dating sites to lure victims. Baited, the victims are then persuaded to install and invest in a fake cryptocurrency trading app.
"At first the returns seem very good but if thevictim asks for his or her money or tries to access the funds, they are refused and the money is lost, ”the researchers share.
The threats are not limited to lost cryptos, however. . Sophos notes that threat authors use Apple 's corporate signing mechanism to install applications directly on the target iOS devices bypassing the App Store .
The corporate signature is designed to be used by iOS developers to activate the developers application to test the iOS apps before submitting them to the official Apple App Store for review and approval.
“Until recently, criminal operators distributedMainly fake crypto apps through fake websites that look like a trusted bank or the Apple App Store. The addition of the iOS business development system introduces additional risk for victims, as they could give attackers rights to their device and the ability to steal their personal data, ”said Jagadeesh Chandraiah, senior researcher on threats at Sophos.
Sophos believes that the threat makers are using the bogus cryptocurrency trading app to gain remote management control over their victims' devices, exposing them to all kinds of malicious campaigns.