Sophos, a cyber security solutions company, has said that an international cryptocurrency trading scam is targeting people accessing dating apps such as Bumble and Tinder on their iPhone devices.
The firm uncovered a Bitcoin wallet controlled by the attackers that contains nearly $1.4 million in cryptocurrency, allegedly collected from victims. The cyber fraudsters are using social engineering (gathering information from publicly available data) methods at every stage of the scam, which is code-named ‘CryptoRom’.
“First, the attackers post convincing fake profiles on legitimate dating sites. Once they’ve made contact with a target, the attackers suggest continuing the conversation on a messaging platform,” Jagadeesh Chandraiah, senior threat researcher at Sophos, has said.
“They then try to persuade the target to install and invest in a fake cryptocurrency trading app. At first, the returns look very good but if the victim asks for their money back or tries to access the funds, they are refused and the money is lost,” he said.
The fraudsters are making millions of dollars in ransom in the scam. The attackers seem to have widened their net to target people in Asia, the US and Europe.
Access to information
Besides stealing money from the victims, there is a possibility of the fraudsters gaining access to the compromised devices.
The attackers are using ‘Enterprise Signature’, which generally helps organisations pre-test new iOS applications with select iPhone users before they submit them to the official iOS platform (Apple’s App Store) for review and approval.
Using this tool, the attackers can target larger groups of iPhone users with their fake crypto-trading apps and gain remote management control over their devices.
“This means the attackers could potentially do more than just steal cryptocurrency investments from victims. They could collect personal data, add and remove accounts, and install and manage apps for other malicious purposes,” Sophos said in a report on the scam.
How to be safe
To avoid falling victim to these types of scams, iPhone users should install apps only from the official iOS platform (Apple’s App Store).
“The golden rule is that if something seems risky or too good to be true – such as someone you barely know telling you about some ‘great’ online investment scheme that will deliver a big profit – it probably is a potential risk,” the report said.