An international cryptocurrency trading scam is now actively going after iPhone users. CryptoRom Scammers are hunting for victims on popular dating apps such as Bumble, Tinder, Grindr, etc.
A predominantly Asian scam has now expanded to the U.S. and Europe. Dubbed CryptoRom, the scam involves luring iPhone users into installing troublesome apps and then stealing cryptocurrency tokens or money stored inside a crypto wallet.
Fake iOS Cryptocurrency apps make nearly $1.4 Million worth of Bitcoin by targeting iPhone users in the U.S. and Europe:
Cyber security researchers have revealed an international cryptocurrency trading scam. Dubbed CryptoRom, the scam has at least one Bitcoin wallet which contains about $1.4 Million worth of tokens.
CryptoRom” relies heavily on social engineering at almost every stage. The detailed report that Sophos created, explains the inner working of the scam.
— Coin Manşet (@CoinManset) October 18, 2021
Speaking about the same, Jagadeesh Chandraiah, a senior threat researcher at Sophos, said: “The CryptoRom scam relies heavily on social engineering at almost every stage. First, the attackers post convincing fake profiles on legitimate dating sites. Once they’ve made contact with a target, the attackers suggest continuing the conversation on a messaging platform. They then try to persuade the target to install and invest in a fake cryptocurrency trading app.”
A new iPhone scan called "CryptoRom" is being used by attackers to steal millions of dollars from owners using dating applications such as Tinder and Bumble. #Crypto #cryptocurrencies #CryptoNews #cryptocurrency #cryptorom #pandemicdoge pic.twitter.com/cMpo08w6kG
— Pandemic Doge Coin (@PandemicDoge) October 18, 2021
The scammers initially make some profit for the victim. Once convinced about the potential of the platforms, scammers ask victims to invest larger amounts, added Chandraiah:
“At first, the returns look very good but if the victim asks for their money back or tries to access the funds, they are refused and the money is lost. Our research shows that the attackers are making millions of dollars with this scam.”
Why are Apple iPhone users the primary target for the CryptoRom gang?
Sophos researchers have warned that the CryptoRom gang is leveraging “Enterprise Signature”. It is a system for software developers that helps organizations pre-test new iOS applications with selected iPhone users before they submit them to the official Apple App Store for review and approval.
With such functionality, attackers can go after several iPhone users with their fake crypto-trading apps. Using weaponized software, crypto hackers can even gain remote management control over victims’ devices.
Needless to add, this means the attackers can potentially do way more than just steal cryptocurrency investments from victims. Some of the real threats involve stealing personal data, adding and removing accounts, and installing and managing apps for other malicious purposes.
The iOS enterprise developer system has far more potential for causing damage if it is in the hands of the wrong people with malicious intent. For the time being, the only advice security researchers are advising is to only install apps from Apple’s App Store.