Sophos detailed a scam campaign targeting users on Tinder, Facebook Dating, Grindr, and Bumble, in which scammers lure targets into installing fake crypto apps and investing in them.
After investing a significant amount, targets are locked out of their accounts. Researchers said the campaign was initially seen in Asia but has now expanded to the EU and US, stealing over $1.4 million to date.
Targeting Users of Dating Apps
Researchers at the security firm Sophos released a new report this week detailing a fraud campaign that results in victims losing money. Named CryptoRom, the scam is heavily based on social engineering.
Researchers explained that the scammers target vulnerable people on several dating apps like Facebook Dating, Grindr, Tinder, and Bumble, and converse with them to gain trust. Once close, they push targets to install fake cryptocurrency trading apps and invest in them.
This part gets interesting, as the scammers redirect users to install those fake apps from genuine sources like the App Store, which Apple controls tightly to keep any such malicious app from sneaking in.
Researchers found that the scammers were able to spoof Apple’s Developer Enterprise program and obtain an Apple Enterprise/Corporate Signature, which is used for verifying apps before listing them in the App Store for user downloads.
Through this, they imitated legitimate cryptocurrency trading apps like Binance and lured targets into installing and investing in them. They offer satisfying returns at the start, only to push targets into investing more. After that, the targets are locked out of their accounts when they try to withdraw.
Sophos researchers identified a similar campaign in May this year, targeting Asian users. The scammers have since expanded to hit targets in the US and EU, and have stolen over $1.4 million to date, as per researchers.