US and EU Users of Dating Apps Are Targeted by a Cryptocurrency Scam

Researchers at security firm Sophos have spotted a fraud campaign that targets users of dating apps and tricks them into losing money on fake cryptocurrency trading apps.

This social engineering campaign relies on fake apps that impersonate legitimate ones and are distributed by exploiting Apple’s Developer Enterprise Program. It’s estimated that the scammers have already gained more than $1.4 million.

Investing in Fake Cryptocurrency Trading Apps


Sophos researchers Jagadeesh Chandraiah and Xinran Wu have detailed a scam campaign called CryptoRom that is built around fake cryptocurrency trading apps, with the scammers targeting users of dating apps like Bumble, Tinder, Facebook Dating, and Grindr.

The scam starts with the scammers picking potential victims on the dating apps and conversing with them to gain their trust. The victims are then encouraged to install fake cryptocurrency trading apps and invest through them to make money. While the victims do see fancy returns at the start, they are denied withdrawals after some time.

This classic social engineering campaign was initially noted in Asia in May and has now expanded to EU and US users. What’s significant here is the impersonation of legitimate trading apps by exploiting Apple’s Developer Enterprise Program and obtaining an Apple Enterprise/Corporate Signature.

The program is meant for developers belonging to a legitimate company, which is verified before its apps are listed on the App Store and made downloadable by users. Researchers have seen the fake cryptocurrency trading apps replicating legitimate apps like Binance and others.

This campaign specifically targets iPhone users, with scammers gaining over $1.4 million to date. The worry is not just the lost money: the scammers are also able to gain hold of victims’ handsets, which can be exploited for other scams too.

Since they’ve exploited Apple’s Developer Enterprise Program and are able to make victims install their fake cryptocurrency apps, they can access personal information on the compromised devices and control them remotely.
