Fake cryptocurrency apps on iOS – a new scam targeting iPhone users
Sophos researchers have detected a new type of scam targeting iOS users in the US and Europe. Using fake profiles on dating sites such as Tinder, Grindr or Facebook Dating, cybercriminals trick people into installing malicious apps for trading cryptocurrencies. Not only do they use the apps to steal funds, but they can also remotely access victims’ iPhones. An account belonging to criminals using this mechanism has already received at least $1.39 million.
(Un)safe App Store
Cybercriminals set up fake profiles on dating websites (Tinder, Bumble, Facebook Dating and Grindr) and make contact with the victim. In the next step, they urge the victim to install a fake Binance app to trade cryptocurrencies. Once the victim has invested a small amount, they allow the money to be withdrawn at a profit. Then they encourage the victim to put in more money. When a victim becomes suspicious or wants their money back, they are blocked. Criminals are making millions of dollars from this activity: Sophos researchers have traced the address of a bitcoin wallet to which the fraudsters have already sent over 1.39 million dollars. There are probably more such addresses.
– Already at the beginning of the year Interpol warned about the growing scale of fraud carried out by dating apps and social media. Now iPhone users are mainly targeted. Although the iOS platform is generally considered safe, even apps in the App Store can pose a threat. For example, there are a lot of “free” fleeceware programs that after a few days charge users for subscriptions amounting to thousands. The scam using fake cryptocurrency apps bypasses App Store security checks. So iOS users should be on guard – indicates Grzegorz Nocoń, systems engineer at Sophos.
Theft of money and personal information
To spread the fake apps, cybercriminals use the Enterprise Signature developer system, which allows iOS apps to be tested before they are approved by Apple. This allows criminals to send fake programs to iPhone users without App Store review. This way they also gain remote access to victims’ devices. Potentially, they can thus collect personal data, add or delete accounts, and install and manage applications.
Enterprise Signature has been used by criminals before. Apple has taken action to curb the practice. Even Google’s and Facebook’s certificates were revoked for sending apps to consumers via this route (they were later reinstated). However, it did not prevent the bypassing of App Store controls.
– Scammers are still active; every day more victims can be persuaded to invest money, with little chance of getting it back. Apple should warn users who install apps via Enterprise that they have not been vetted. iPhone owners, on the other hand, should only install programs from the App Store. A key rule to remember is that if something is too good to be true, e.g. a new person you meet mentions an investment that will provide a great return, unfortunately it’s usually a scam – warns Grzegorz Nocoń.