Tinder, Bumble and Grindr iOS Users Targeted by Latest Crypto Scam, Called ‘CryptoRom’

October 15, 2021, 10:45 AM AEST - 3 days ago

A relatively new cryptocurrency trading scam is preying on iPhone users via popular hook-up platforms such as Tinder, Bumble and Grindr.

Dubbed CryptoRom by researchers at cybersecurity firm Sophos, the scam initially targeted victims in Asia and is now attacking users in the US and Europe as well.

A Bitcoin wallet belonging to the attackers, as detected by Sophos with the aid of one victim, revealed that nearly US$1.4 million in cryptos had been harvested by the scam.

“The CryptoRom scam relies heavily on social engineering at almost every stage,” according to Jagadeesh Chandraiah, senior threat researcher at Sophos, who adds that the novel scam has the potential to do a lot more damage than just stealing cryptos.

“They could also, for instance, collect personal data, add and remove accounts, and install and manage apps for other malicious purposes,” the Sophos researchers said. 

Beware Fake Crypto Trading Apps

Initially, fake profiles are posted on legitimate dating sites to lure in victims. Once baited, the victims are persuaded to install and invest in a fake cryptocurrency trading app. 

“At first, the returns look very good but if the victim asks for their money back or tries to access the funds, they are refused and the money is lost,” the Sophos researchers warn.

The threats don’t end with lost cryptos. Sophos researchers say the scammers use Apple’s enterprise signature mechanism to install apps directly on iOS devices, circumventing the App Store.

Enterprise signature is designed for use by iOS developers to enable app developers to test iOS apps before submitting them to the official Apple App Store for review and approval.

Until recently, the criminal operators mainly distributed the fake crypto apps through fake websites that resemble a trusted bank or the Apple App Store. The addition of the iOS enterprise developer system introduces further risk for victims because they could be handing the attackers the rights to their device and the ability to steal their personal data.

Jagadeesh Chandraiah, senior threat researcher, Sophos

Next Step Is Remote Management Control

Sophos warns the scammers use the fake crypto trading app to gain remote management control over the devices of their victims, which exposes them to all kinds of malicious campaigns.

iPhone users should only install apps from Apple’s App Store. The golden rule is that if something seems risky or too good to be true – such as someone you barely know telling you about some ‘great’ online investment scheme that will deliver a big profit – sadly, it probably is.

Jagadeesh Chandraiah, senior threat researcher, Sophos

From January 1 to July 31 in the US, the FBI logged more than 1800 complaints related to romantic deceptions, resulting in personal losses of approximately US$133,400,000, much of it in cryptocurrency.

In July, Crypto News Australia also reported on the case of an American man who was drugged by a woman he met on Tinder who then attempted to steal his crypto.

Crypto News Australia has also put together an excellent guide on how to avoid Bitcoin scams, including a section on romance scams, which we strongly recommend you check out.

Disclaimer: The content and views expressed in the articles are those of the original authors own and are not necessarily the views of Crypto News. We do actively check all our content for accuracy to help protect our readers. This article content and links to external third-parties is included for information and entertainment purposes. It is not financial advice. Please do your own research before participating.