Users of major dating platforms, including Tinder and Bumble, have been targeted by a major iOS cryptocurrency scam. CryptoRom targets iPhone users through the major dating apps and first targeted people in Asia. However, it is now known to be attacking users in the US and Europe as well.
It’s reported that the attackers have gained nearly $1.4 million in cryptocurrency from the scam.
Jagadeesh Chandraiah, senior threat researcher at Sophos, said: “The CryptoRom scam relies heavily on social engineering at almost every stage”, adding that the novel scam has the potential to do a lot more damage than just stealing cryptocurrency.
Sophos says the threat actors post fake profiles on legitimate dating sites to lure in victims. Once a connection is established, the victims are persuaded to install and invest in a fake cryptocurrency trading app.
“At first, the returns look very good but if the victim asks for their money back or tries to access the funds, they are refused and the money is lost,” researchers said.
Jagadeesh Chandraiah continued: “Until recently, the criminal operators mainly distributed the fake crypto apps through fake websites that resemble a trusted bank or the Apple App Store. The addition of the iOS enterprise developer system introduces further risk for victims because they could be handing the attackers the rights to their device and the ability to steal their personal data.”