Sophos cybersecurity researchers identified a Bitcoin wallet filled with tokens worth $1.4 million (roughly Rs. 10 crores) that were collected through scams. The crypto scammers were targeting iPhone users on popular dating apps such as Bumble and Tinder. Along with ripping off people’s cryptocurrency, the hackers were also compromising the personal details of their victims to cyber risks, Sophos claimed. The threat triggered by these scammers has been code-named “CryptoRom” by Sophos.
These scammers have learned enough about social behavior to make millions out of three different continents.
The CryptoRom scammers abuse the Apple Enterprise Signature program, a software used for app development. Like a true cyber parasite, they gain control of the victim’s iPhone, being able to fully manage it and install even more apps for hacking purposes.
As explained by Sophos:
When an iOS device user visits one of the sites used by these scams, a new profile gets downloaded to their device. Instead of a normal ad hoc profile, it is an MDM provisioning profile signed with an Enterprise certificate that is downloaded. The user is asked to trust the profile and, after they do that, the crooks can manage their device depending on the profile contents.
The Crypto Scam Mode of Operation.
Scammers might not seem like it at first. Nowadays, they take their time to befriend the victims. Some attackers tend to disguise themselves as celebrities. Sophos has also explained the procedure of the CryptoRom scammers by segmenting it into 5 stages.
First, they create a convincing profile -the most prominent sites being Tinder, Bumble, Grindr, and Facebook Dating-; second, after approaching the victim they ask to chat in a different messenger service such as WhatsApp.
Later on, they ask to download an app for crypto trading. The hackers gain the victim’s confidence by allowing them to make a withdrawal of a fake profit at first. The last step of the fraud is to not let the victim access their funds, topped by removing their money.
What shows itself at first as a casual conversation, ends up in a millionaire scam.
The Federal Trade Commission (FTC) has been warning about the big increase of these frauds for a while. Earlier this year they shared tips on how to protect oneself:
Before you invest, check it out. Research online for the name of the company and the cryptocurrency name, plus words like “review,” “scam,” or “complaint.” See what others are saying.
As Bitcoin prices are on the rise and the world is leading to a predominately digital economy era, the scammers will become cruder and more creative on their methods. It is fundamental to stay away from unverified Apps and investment promises that sound too good to be true.
Discover more from DiutoCoinNews
Subscribe to get the latest posts sent to your email.