Cryptocurrency Scammers Target iPhone Users Through Dating Apps, Because They Are 'Wealthy'

Cupid, Apple, Bitcoin

With the internet, people can communicate through the distances, and speak with strangers, and get to know them better.

Due to this fact, a number of apps have long offered the ability for users to meet someone they probably like. Through dating apps, dating can begin even before meeting in person.

And this ability is risky as it is tempting.

People are liking it, and so do scammers.

According to cybersecurity company Sophos, Apple users are target of a cryptocurrency scam that emerge directly from the Apple App Store.

Sophos said the scam it dubbed "CryptoRom" entices potential victims into installing fake cryptocurrency trading apps, by first posing as a potential lover.

On the report, it is said that the scammers initially approach their victims through dating platforms.

“Victims are contacted through dating sites or apps like Bumble, Tinder, Facebook dating and Grindr. They move the conversation to messaging apps. Once the victim becomes familiar, they ask them to install fake trading applications with legitimate-looking domains and customer support. They move the conversation to investment and ask them to invest a small amount, and even let them withdraw that money with profit as bait."

"After this, they will be told to buy various financial products or asked to invest in special ‘profitable’ trading events. The new friend even lends some money into the fake app, to make the victim believe they’re real and caring. When the victim wants their money back or gets suspicious, they get locked out of the account.”

The scam involves claiming that Apple would double a donation of Bitcoins.

If a user sent between 0.1 and 20 Bitcoins via a link in a QR code, the scammer said that Apple would purportedly send twice the amount back.

“In our initial research, we discovered that the crooks behind these applications were targeting iOS users using Apple’s ad hoc distribution method, through distribution operations known as ‘Super Signature services.’"

"As we expanded our search based on user-provided data and additional threat hunting, we also witnessed malicious apps tied to these scams on iOS leveraging configuration profiles that abuse Apple’s Enterprise Signature distribution scheme to target victims.”

As of its findings, Sophos estimated that the scammers could have made millions of dollars already, in this cryptocurrency scam that target millions of dating apps' users.

CryptoRom scam
Credit: Sophos

“One of the victims shared the Bitcoin address to which they transferred their money, and when we checked at the time of writing, it has sent over $1.39 million dollars to date. This shows the scale of this scam and how much money fraudsters are making from vulnerable users. This is just one Bitcoin address, the tip of the iceberg. There could be several, with millions being lost.”

The dating apps are real, but Apple does not allow owners of iPhones and iPads to sideload apps.

This is where the scammers trick victims into using malicious trading apps that are distributed via fake websites, by abusing the Apple Enterprise Signature program, a software used for app development.

This way, the scammers can also gather sensitive information, in addition to ripping off their victims. They can even gain control of victims' devices, and can fully manage them to install even more apps for hacking purposes.

Prices for cryptocurrencies are considered volatile. But with more and more people getting into investing in cryptocurrencies, cryptocurrency-related crimes are becoming increasingly common.

Researchers at Sophos warned that cryptocurrency investors should only use verified exchange and trading websites and apps to facilitate secure cryptocurrency transactions.

According to Sophos, iPhone users are the prime targets as the scammers assume that many of them are “likely to be wealthy.”