On Monday, cyber security researchers identified an international cryptocurrency trading scam worth at least $1.4 million that is targeting iPhone users via popular dating apps like Bumble and Tinder and putting their personal information at risk.
The cyber criminals have expanded from targeting people in Asia to include people in the United States and Europe.
Sophos discovered a Bitcoin wallet held by the attackers that holds roughly $1.4 million in bitcoin allegedly collected from victims.
The malware has been code-named "CryptoRom" by Sophos researchers, and it depends heavily on social engineering at practically every stage.
The attackers start by creating convincing phoney profiles on reputable dating services.
"Once they've made contact with a target, the attackers recommend continuing the conversation on a messaging platform. They next attempt to persuade the victim to download and invest in a phoney bitcoin trading app "Sophos senior threat researcher Jagadeesh Chandraiah said.
"Our analysis suggests that the attackers are making millions of dollars with this scam," he said in a statement.
The attackers can access the victims' iPhones in addition to stealing money.
Cybercriminals leverage "Enterprise Signature," a software development mechanism that allows companies to pre-test new iOS apps with a small group of iPhone users before submitting them to the official App Store for evaluation and approval.
"Attackers can target larger groups of iPhone users with their fraudulent crypto-trading apps and get remote management control over their devices using the capability of the 'Enterprise Signature' system," according to the paper.
As a result, the attackers may be able to do more than merely take victims' cryptocurrency assets. For example, they might acquire personal information, add and remove accounts, and install and manage apps for harmful purposes.
Until recently, criminals disseminated fake crypto programmes mostly through fake websites that looked like a trusted bank or the Apple App Store.
"The addition of the iOS enterprise developer system increases the risk for victims since they may be turning over control of their device and the capacity to steal their personal data to the attackers," Chandraiah cautioned.
iPhone users should only install apps from Apple's App Store to prevent falling prey to these types of scams, according to the researchers.
Leave a Comment :
We introduce people to the world of currency trading, and provide educational content to help them learn how to become profitable traders. We're also a community of traders that support each other on our daily trading journey.
Trading CFDs on leverage involves significant risk of loss to your capital.
Any opinions, chats, messages, news, research, analyses, prices, or other information contained on this Website are provided as general market information for educational and entertainment purposes only, and do not constitute investment advice. The Website should not be relied upon as a substitute for extensive independent market research before making your actual trading decisions. Opinions, market data, recommendations or any other content is subject to change at any time without notice. DrForexOfficial, will not accept liability for any loss or damage, including without limitation any loss of profit, which may arise directly or indirectly from use of or reliance on such information.
The information on this site and the products and services offered are not intended for distribution to any person in any country or jurisdiction where such distribution or use would be contrary to local law or regulation. Read our full legal disclaimer.