Using dating apps on iPhone? Crypto-scammers could hack your device!
Leading cybersecurity firm Sophos has recently published a report that highlighted how a cryptocurrency trading scam targeting iPhone users is now bigger than ever. Codenamed CryptoRom, the threat propagates through dating apps like Bumble and Tinder and has so far duped victims to the tune of at least $1.4 million using fake cryptocurrency trading apps. Here's how you can dodge this bullet.
Attackers snag victims on Tinder, Bumble
According to Sophos senior threat researcher Jagadeesh Chandraiah, CryptoRom relies heavily on social engineering and manipulation, but in some respects it is an age-old phishing scam. For starters, the bad actors create convincing fake profiles on dating apps, including Tinder and Bumble. Then, they engage with people and acquire targets. The attackers then suggest continuing the conversation on another messaging platform.
Scammers use fake app to encourage investment, refuse withdrawal requests
Subsequently, the attackers convince targets to install a fake cryptocurrency trading app and invest in it. The app is reportedly rigged to deliver promising returns initially. If the victim balks and attempts to withdraw their gains or original investment, requests are refused and the money is lost. Sophos found that the scammers are stealing millions using this method.
Attackers misuse Apple's Enterprise Signature system to hack iPhones
Alarmingly, the attackers don't stop at stealing money. They gain control of the victim's iPhone as well. This is done through the fake crypto trading app, which is signed using Apple's Enterprise Signature system, intended for developers and organizations to test applications before submitting them to the App Store for review. Sophos said the Enterprise Signature system helps attackers target larger swathes of iPhone users.
Attackers can remotely access the victim's device
Once compromised, the attackers can remotely access the victim's device and collect personal data, add and remove accounts, and install or remove applications for malicious purposes. However, we believe a possible deterrent to the spread of this scam is that the attackers need to manually engage with potential victims on a dating app, slowing down their efforts.
Sounds too good to be true? Then it probably is
To stay safe from such scams, always make sure to install applications only from trusted app stores such as the Apple App Store and Google Play Store. Additionally, if a scheme to make money sounds too good to be true or if an unknown person promises great returns, chances are you are being lured into a scam. Keep your wits about you when online.