Fake crypto trading apps designed to drain victims' wallets successfully bypassed Apple's strict security protocols.
Scammers often rip their victims off through popular dating apps like Tinder and Bumble. The attackers create fake yet convincing profiles on legitimate dating sites. After making contact, they suggest moving the conversation to a messaging platform where they try to persuade victims to install and invest in a fake cryptocurrency trading app.
Various studies show that victims lose millions of dollars: they are hooked by the promised returns and then refused when they try to withdraw their funds. Both love and money are lost.
Cybersecurity company Sophos has detailed the so-called CryptoRom scam on many occasions. In its newest research, the company reports that two fake CryptoRom apps, Ace Pro and MBM_BitScan, were the first to get past Apple's App Store security protocols. Apple was notified about the issue and removed the apps from its store.
Previously, the company said, cybercriminals used "workaround techniques to convince victims to download illegitimate iPhone apps that were not sanctioned by the Apple App Store."
"Many potential victims would be 'alerted' that something wasn't right when they couldn't directly download a supposedly legitimate app. By getting an application onto the App Store, the scammers have vastly increased their potential victim pool, particularly since most users inherently trust Apple," said Jagadeesh Chandraiah, senior threat researcher, Sophos.
Moreover, neither app is affected by Lockdown Mode, which blocks the installation of mobile configuration profiles that scammers previously relied on for social engineering.
"In fact, these CryptoRom scammers may be shifting their tactics—i.e., focusing on bypassing the App Store review process—in light of the security features in Lockdown."
For the Ace Pro app, scammers actively maintained a fake Facebook profile and persona of a woman supposedly living a lavish lifestyle in London. Enticed by the persona's apparent wealth, victims were tricked into downloading the fraudulent app. Victims deposited cryptocurrency believing they could withdraw it, with high yield, at any time, when in fact their money went straight to the scammers' wallets.
"In order to get past App Store security, Sophos believes the scammers had the app connect to a remote website with benign functionality when it was originally submitted for review. The domain included a code for QR scanning to make it look legitimate to app reviewers. However, once the app was approved, the scammers redirected the app to an Asian-registered domain. This domain sends a request that responds with content from another host that ultimately delivers the fake trading interface," Sophos explained.
Another fraudulent app discovered by researchers, MBM_BitScan, was also available for Android users and known as BitScan on Google Play.
"The two apps communicate with the same Command and Control (C2) infrastructure; this C2 infrastructure then communicates with a server that resembles a legitimate Japanese crypto firm. Everything else that is malicious is handled in a web interface, which is why it is hard for Google Play's code reviewers to detect it as fraudulent," Sophos said.
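The review-time bait-and-switch described in the two Sophos quotes above (a benign endpoint at submission, a different domain and a third-party host serving the trading interface afterwards) lends itself to a simple defender-side check. The following is an added example, not Sophos' tooling or anything from the apps: it records what an app's configured endpoint does at review time and flags drift on a later re-check. All domains and page bodies are constructed placeholders, and the domain helper is a deliberate simplification that does not consult the public suffix list.

```python
"""Flag post-review behaviour drift in an app's remote endpoint (added example)."""
from __future__ import annotations
from dataclasses import dataclass
from urllib.parse import urlparse
import hashlib
import re


@dataclass(frozen=True)
class Observation:
    hops: tuple[str, ...]  # URLs visited; hops[0] is the app's configured endpoint
    body: str              # HTML served by the final hop


def registrable_domain(url: str) -> str:
    # Simplification: last two labels only; a real check would use the public suffix list.
    host = urlparse(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def content_hosts(body: str) -> set[str]:
    # Domains the final page pulls script/frame content from.
    return {registrable_domain(u) for u in re.findall(r'(?:src|href)="(https?://[^"]+)"', body)}


def fingerprint(body: str) -> str:
    return hashlib.sha256(body.encode()).hexdigest()[:16]


def drift(baseline: Observation, current: Observation) -> list[str]:
    """Return human-readable findings; an empty list means behaviour matches review time."""
    findings: list[str] = []
    b_dom, c_dom = registrable_domain(baseline.hops[-1]), registrable_domain(current.hops[-1])
    if b_dom != c_dom:
        findings.append(f"final host moved {b_dom} -> {c_dom}")
    new_hosts = content_hosts(current.body) - content_hosts(baseline.body) - {c_dom}
    if new_hosts:
        findings.append("content now loaded from third-party host(s): " + ", ".join(sorted(new_hosts)))
    if len(current.hops) > len(baseline.hops):
        findings.append(f"redirect chain grew from {len(baseline.hops)} to {len(current.hops)} hops")
    if fingerprint(baseline.body) != fingerprint(current.body):
        findings.append("served content changed")
    return findings


# Constructed observations: a QR-scanner page at review time, a redirected trading UI later.
REVIEW_TIME = Observation(
    hops=("https://app.review-example.test/home",),
    body='<html><script src="https://app.review-example.test/qr.js"></script></html>')
POST_REVIEW = Observation(
    hops=("https://app.review-example.test/home", "https://landing.redirect-example.test/app"),
    body='<html><iframe src="https://trade.thirdparty-example.test/ui"></iframe></html>')

if __name__ == "__main__":
    for line in drift(REVIEW_TIME, POST_REVIEW):
        print("DRIFT:", line)
```

Re-running the same probe on a schedule and alerting on any non-empty result is the point; a single snapshot at review time tells you nothing about what the endpoint serves after approval.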