Hackers Now Target iPhone Users Through Dating Apps

Sophos, a cybersecurity solutions company, has revealed that an international cryptocurrency trading scam targets millions of dollars of people using dating apps like Tinder, Bumble, Grindr, on their iPhone devices.

A report detailing the latest findings shows that attackers are no longer targeting people in Asia to include people in the United States and Europe. Sophos has discovered an attacker-controlled Bitcoin wallet that has nearly $ 1.4 million in cryptocurrency, allegedly collected from victims. Sophos researchers codenamed the CryptoRom threat.

“The CryptoRom scam relies heavily on social engineering at almost every stage,” said Jagadeesh Chandraiah, senior threat researcher at Sophos. “First, attackers post convincing fake profiles on legitimate dating sites. Once they have made contact with a target, the attackers offer to continue the conversation on a messaging platform. They then try to persuade the target to install and invest in a fake cryptocurrency trading app. At first the returns look very good, but if the victim requests a refund or tries to access the funds, they are refused and the money is lost. Our research shows that attackers are making millions of dollars with this scam, ”he added.

Double problem

In addition to stealing money, attackers can also gain access to victims’ iPhones, according to Sophos research. In this version of the attack, the cybercriminals exploit “Enterprise Signature”, a system for software developers that helps organizations to pre-test new iOS apps with selected iPhone users before submitting them to the App. Apple’s official store for review and approval.

Through the functionality of the Enterprise Signature system, attackers can target larger groups of iPhone users with their bogus crypto-trading apps and gain remote management control over their devices. This means that attackers could potentially do more than just steal cryptocurrency investments from victims. They could also, for example, collect personal data, add and delete accounts and install and manage applications for other malicious purposes.

“Until recently, criminal operators mainly distributed bogus crypto apps through bogus websites that look like a trusted bank or Apple’s App Store,” Chandraiah said. “The addition of the iOS business development system introduces additional risk for victims, as they could give attackers rights to their device and the ability to steal their personal data. To avoid falling victim to these types of scams, iPhone users should only install apps from the Apple App Store. The rule of thumb is that if something sounds risky or too good to be true – like someone you barely know tells you about a “great” online investing program that will earn you a big profit – then unfortunately, it probably is.

Meanwhile, Sophos has recommended that its users install a security solution on their mobile devices, such as Intercept X for Mobile, to protect iOS and Android devices from cyber threats.

Leave a Reply

Your email address will not be published. Required fields are marked *