Published 17:17 IST, October 17th 2021
iPhone users beware: Attackers use dating apps to steal money in crypto scam
The attackers have learned the ability to take over iPhones and their Enterprise Signature, which is the system that allows developers to pretest new apps.
A new iPhone scan called "CryptoRom" is being used by attackers to steal millions of dollars from owners using dating applications such as Tinder and Bumble. According to a cyber security firm called Sophos, the attackers were directing all money to a bitcoin wallet that has been uncovered by firm's researchers and contains $1.4 million in the form of Bitcoins.
The attackers have learned the ability to take over iPhones and its Enterprise Signature, which is the system that allows developers to pretest new iPhone applications before submitting them to Apple for being published on the Apple App Store.
Scammers leveraging iPhone's Enterprise Signature
“With the functionality of the Enterprise Signature system, attackers can target larger groups of iPhone users with their fake crypto-trading apps and gain remote management control over their devices,” Sophos said in a statement. “This means the attackers could potentially do more than just steal cryptocurrency investments from victims. They could also, for instance, collect personal data, add and remove accounts, and install and manage apps for other malicious purposes.”
How are scammers using dating apps to make people invest in fake crypto apps?
According to the cybersecurity firm, the scam began in Asia but has spread its victims to the United States and Europe using dating applications such as Bumble and Twitter. Sophos senior threat researcher Jagadeesh Chandraiah says that the attackers rely on social engineering as the core of the scam. These attackers post fake profiles on dating websites such as Bumble and Tinder and contact their targets through them. Thereafter, the attackers suggest continuing the conversation on a messaging platform.
Once the conversation lifts from its initial phase, the attackers pursue targets to download and install fake cryptocurrency trading applications. This is when the attackers play their trick and the victim in convinced about the returns on the application. However, when the victim tries to redeem their money, they are not able to do so. According to research, the attackers are making hefty amounts of money through the scam.
To avoid falling into such scams, iPhone users shall only install apps from the Apple Play Store as the applications pass security benchmarks before being uploaded on the Apple Play Store and being available for public. Since cryptocurrency has gained a lot of popularity lately, scammers have started to deploy techniques that associate profits with cryptocurrency and loot the user of their hard earned money.
Updated 17:17 IST, October 17th 2021