Security News > 2022 > March > 'CryptoRom' Crypto Scam Abusing iPhone Features to Target Mobile Users
Social engineering attacks leveraging a combination of romantic lures and cryptocurrency fraud have been luring unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features like TestFlight and Web Clips.
"This style of cyber-fraud, known as sha zhu pan - literally 'pig butchering plate' - is a well-organized, syndicated scam operation that uses a combination of often romance-centered social engineering and fraudulent financial applications and websites to ensnare victims and steal their savings after gaining their confidence," Sophos analyst Jagadeesh Chandraiah said in a report published last week.
The campaign works by approaching potential targets through dating apps like Bumble, Tinder, Facebook Dating, and Grindr, before moving the conversation to messaging apps such as WhatsApp and urging the victims to install a cryptocurrency trading application that's designed to mimic popular brands and lock people out of their accounts and freeze their funds.
Previous variants of the social engineering scam observed in October 2021 were found to leverage lookalike App Store pages to deceive people into installing the rogue iOS apps, not to mention abuse Apple's Developer Enterprise Program to deploy sketchy mobile provisioning profiles to distribute the malware.
Once installed, the crooks promise the individuals huge financial returns in return for making a monetary investment, while artificially manipulating the numbers on the fake app to "Reinforce the con" and convince the victims into believing that "They are making money" through the platform.
"The scam doesn't end with just fooling victims into investing," Chandraiah elaborated.
News URL
https://thehackernews.com/2022/03/cryptorom-crypto-scam-abusing-iphone.html