If you’re looking for love through apps on your iPhone, like Tinder, you’d better be careful. Sophos researchers have discovered a cryptocurrency exchange scam that targets the user of these programs.
The scheme was named by the researchers as CryptoRom. According to the report, a digital wallet associated with the scam already has more than US$1.4 million (about R$7.7 million at current prices) in different cryptocurrencies, with that amount most likely coming from victims of the scam.
The scammers responsible for CryptoRom, according to Jagadeesh Chandraiah, senior threat researcher at Sophos, use social engineering tactics in almost every step of the coup. First, criminals create fake profiles on online dating sites or apps. After they’ve made their first contact with a target, the fraudsters suggest continuing the conversation on another messaging platform.
Want to catch up on the best tech news of the day? Access and subscribe to our new youtube channel, Canaltech News. Everyday a summary of the main news from the tech world for you!
The conversation on this new messenger, however, does not live up to the expectations of most users of online dating platforms, with the scammer trying to convince the potential victim that she will profit greatly from investing and installing a fake cryptocurrency transaction app. Although the returns shown by the criminal at first look good, after the first investments occur, those affected by the scam quickly realize that they have been cheated, as they cannot see the amount invested or recover the money.
Control of the victim’s iPhone
The research also indicates that in addition to the financial scam, some CryptoRom variants may also gain access to their victims’ iPhone information. According to the Sophos report, this invasion is carried out through the use of Enterprise Signature, a system used by application developers that facilitates the testing of new programs on iPhones, as it allows the installation of these apps without them going through the process of Apple approval.
“Until recently, criminals distributed their fake apps from fake websites that looked like Apple’s App Store. Now, with the addition of methods that make use of iOS developer tools, the risk is even greater, with victims being able to unknowingly give full access to the information on their iPhones to the scammers.” claims Jagadeesh Chandraiah.
For Sophos researchers, the way to mitigate threats such as CryptoRom is with Apple issuing alerts to its users about the installation of applications by environments other than the App Store, stating that these programs have not been evaluated by the company, and may be not safe. In addition, the Sophos report also states that the lack of regulation in the cryptocurrency market is a problem, as it allows criminals to apply these scams without having to justify themselves to income control agencies, for example.
Did you like this article?
Subscribe your email on Canaltech to receive daily updates with the latest news from the world of technology.