Cyber gunners are increasingly targeting European and American users of apps like Tinder and Bumble in order to hijack their iPhones for their machinations. 1,2 million euro loot discovered in just one wallet. Sophos gives the threat the code name CryptoRom.
Findings from Sophos indicate that international cryptocurrency cyber fraud is escalating. Cyber criminals use popular dating apps like Tinder and Bumble to hijack unsuspecting users' iPhones in their fraudulent activities. While the attackers have mainly targeted Asian regions in the past, the attacks are now also shifting to Europe and the USA. Sophos has discovered a cybercriminal-controlled bitcoin wallet containing nearly $1,4 million, believed to have been stolen from the victims. Sophos has codenamed this threat “CryptoRom” and published a detailed report “CryptoRom Fake iOS Cryptocurrency Apps hit US, European victims for at least $ 1.4 million" released.
Fake trading app for cryptocurrency
“CryptoRom scams rely on social engineering at almost every stage,” said Jagadeesh Chandraiah, senior threat researcher at Sophos. “First, the attackers create convincing fake profiles on dating sites. Once in touch with a target person, they suggest continuing the conversation on a messaging platform. Then they try to persuade the target person to install and invest on a fake cryptocurrency trading app. At first glance, the returns look very good. However, if the victim asks for the money back or tries to access the finances, they are rejected and the money is lost. Our research shows that the scammers use this scam to steal millions of euros.”
First the attack, then access to the iPhone
According to research, the attackers can steal far more than just money. They can also gain access to victims' iPhones. In this variant of the attack, cybercriminals use a system for software developers called "Enterprise Signature". Typically, this software helps companies to pre-test new iOS applications with selected iPhone users before submitting them to the official Apple App Store for review and approval. With the functionality of the enterprise signature system, attackers can target larger groups of iPhone users with their fake crypto trading apps and take control of their devices remotely. This means they are potentially able to do even more damage than they are already doing with the fake cryptocurrency investments. For example, they can collect personal information, add and remove accounts, and install apps for other malicious purposes. Sophos recommends installing security solutions on mobile devices as well. This includes, for example Intercept X for Mobile, the iOS- and Android devices protects against cyber threats.
More at Sophos.com
About Sophos More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.