Sophos, a leader in cybersecurity, has released new information on CryptoRom, an iPhone cryptocurrency scam that targets users through popular dating apps including Bumble and Tinder.
An expanding threat
The company has released a new report on CryptoRom, detailing how it has struck US and European victims for nearly $1.4 million. The report details how the attack has expanded from Asia and how Sophos has identified a cryptocurrency wallet worth nearly $1.4 million tied to the attack.
“The CryptoRomscam relies heavily on social engineering at almost every stage,” said Jagadeesh Chandraiah, senior threat researcher at Sophosof the iPhone cryptocurrency scam. “First, the attackers post convincing fake profiles on legitimate dating sites. Once they’ve made contact with a target, the attackers suggest continuing the conversation on a messaging platform. They then try to persuade the target to install and invest in a fake cryptocurrency trading app. At first, the returns look very good but if the victim asks for their money back or tries to access the funds, they are refused and the money is lost. Our research shows that the attackers are making millions of dollars with this scam.”
Targeting more than cryptocurrency
Alongside the loss of cryptocurrency, the scam can also compromise the victims’ iPhones. Leveraging ‘Enterprise Signature’, a system used by software developers, the attackers may target groups of iPhone users with their fake apps and remotely control their devices. The attack can open up victims to a wide range of threats, including identity theft or the deletion of data.
Sophos recommends that users install a security program to protect their mobile devices. The company recommends their own product Intercept X for Mobile. Additional information on Sophos’ findings is available at SophosLabs Uncut.
