Dating apps like Bumble and Tinder are now being used by crypto hackers to target iPhone users.
On Monday, cyber security researchers identified an international cryptocurrency trading scam worth at least $1.4 million that is targeting iPhone users via popular dating apps like Bumble and Tinder and putting their personal information at risk.
The cyber criminals have expanded from targeting people in Asia to include people in the United States and Europe.
Sophos discovered a Bitcoin wallet held by the attackers that holds roughly $1.4 million in bitcoin allegedly collected from victims.
The malware has been code-named "CryptoRom" by Sophos researchers, and it depends heavily on social engineering at practically every stage.
The attackers start by creating convincing phoney profiles on reputable dating services.
"Once they've made contact with a target, the attackers recommend continuing the conversation on a messaging platform. They next attempt to persuade the victim to download and invest in a phoney bitcoin trading app "Sophos senior threat researcher Jagadeesh Chandraiah said.
"Our analysis suggests that the attackers are making millions of dollars with this scam," he said in a statement.
The attackers can access the victims' iPhones in addition to stealing money.
Cybercriminals leverage "Enterprise Signature," a software development mechanism that allows companies to pre-test new iOS apps with a small group of iPhone users before submitting them to the official App Store for evaluation and approval.
"Attackers can target larger groups of iPhone users with their fraudulent crypto-trading apps and get remote management control over their devices using the capability of the 'Enterprise Signature' system," according to the paper.
As a result, the attackers may be able to do more than merely take victims' cryptocurrency assets. For example, they might acquire personal information, add and remove accounts, and install and manage apps for harmful purposes.
Until recently, criminals disseminated fake crypto programmes mostly through fake websites that looked like a trusted bank or the Apple App Store.
"The addition of the iOS enterprise developer system increases the risk for victims since they may be turning over control of their device and the capacity to steal their personal data to the attackers," Chandraiah cautioned.
iPhone users should only install apps from Apple's App Store to prevent falling prey to these types of scams, according to the researchers.
