Users of iPhone and Android devices should beware of fake cryptocurrency apps

Tech Highlights:

  • “We have learned of victims in Europe, most of them iPhone users, who have lost thousands of dollars to crooks through these scams. We have also identified more applications tied to the fraud campaign—which, due to its combination of romance scams and cryptocurrency trading fraud, we’ve dubbed CryptoRom.” The bad actors behind these applications target iOS users via Apple’s ad hoc distribution method, through distribution operations known as “Super Signature services.” As the researchers expanded their search based on user-provided data and additional threat hunting, they also watched as malicious apps on iOS leveraged configuration profiles to compromise Apple’s Enterprise Signature distribution scheme and target victims.

  • SophosLabs researchers issued a report this spring about scammers who exploited dating sites and apps to lure victims into downloading bogus bitcoin apps for iPhone and Android. According to new research, the bad guys have stepped up their game. SophosLabs researchers Jagadeesh Chandraiah and Xinran Wu described the latest incidents on their SophosLabs Uncut blog, saying that since their original report they have observed more evidence that these fraudulent apps are part of a broader, global scam.

“From news reports, we learned one victim lost £63000 (~$87000). There are additional news reports in the UK of these scams, with one victim losing £35000 (~$45000) to a scammer who contacted them through Facebook, and another who lost £20000 ($25000) after being scammed by someone who contacted through Grindr. In the latter case, the victim made an initial deposit, transferred money to a Binance application from their bank and then to crooks; they were then asked to deposit more funds in order to withdraw their money. None of these victims have gotten their money back. Though some victims have been Android users, Sophos Labs believes most are iPhone users. Web pages created to distribute these apps have also been mainly mimicking the App Store, suggesting these scammers are targeting iPhone users assuming they are likely to be wealthy. The following image is from one of the recent fraud web pages and the destination for app download resembles the Apple App Store page.”

The researchers urged Apple to warn users installing apps through ad hoc distribution or through enterprise provisioning systems that those applications have not been reviewed by Apple. SophosLabs has shared details of the malicious apps and infrastructure with Apple and is still awaiting a response. For those looking to mitigate these attacks, SophosLabs has made a full list of IOCs from the first part of this attack campaign available on its GitHub.
