1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Tinder and Bumble users targeted by major iOS crypto scam

    From TechnologyDaily@1337:1/100 to All on Wed Oct 13 18:00:05 2021
    Tinder and Bumble users targeted by major iOS crypto scam

    Date:
    Wed, 13 Oct 2021 16:45:27 +0000

    Description:
    Threat actors are now luring victims to fake crypto trading apps using
    popular dating platforms.

    FULL STORY ======================================================================

    Cybersecurity researchers have shared insights into a cryptocurrency trading scam that attacks iPhone users through popular dating platforms such as
    Bumble and Tinder.

    Named CryptRom by researchers at Sophos , the scam first targeted people in Asia, and is now attacking users in the US and Europe as well.

    A Bitcoin wallet belonging to the attackers reveals that the threat actors have minted nearly $1.4 million in cryptos from the scam. TechRadar needs
    you!

    We're looking at how our readers use VPNs with streaming sites like Netflix
    so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

    Click here to start the survey in a new window << These are the best
    iPhone antivirus apps Protect your devices with these best antivirus software Here's our choice of the best malware removal software on the market

    The CryptoRom scam relies heavily on social engineering at almost every
    stage, said Jagadeesh Chandraiah, senior threat researcher at Sophos, adding that the novel scam has the potential of doing a lot more damage than just stealing cryptos. Gateway to scams

    Unraveling the scam, Sophos says the threat actors begin by posting fake profiles on legitimate dating sites to lure in victims. Once baited, the victims are then persuaded to install and invest in a fake cryptocurrency trading app.

    At first, the returns look very good but if the victim asks for their money back or tries to access the funds, they are refused and the money is lost,
    the researchers share.

    The threats however dont just end with the lost cryptos. Sophos notes that
    the threat actors use Apples enterprise signature mechanism to install apps directly on iOS devices circumventing the App Store .

    Enterprise signature is designed for use by iOS developers to enable app developers to test iOS apps before submitting them to the official Apple App Store for review and approval.

    Until recently, the criminal operators mainly distributed the fake crypto
    apps through fake websites that resemble a trusted bank or the Apple App Store. The addition of the iOS enterprise developer system introduces further risk for victims because they could be handing the attackers the rights to their device and the ability to steal their personal data, said Jagadeesh Chandraiah, senior threat researcher at Sophos.

    Sophos believes the threat actors use the fake crypto trading app to gain remote management control over the devices of their victims, which exposes them to all kinds of malicious campaigns. These are the best ransomware protection tools



    ======================================================================
    Link to news story: https://www.techradar.com/news/tinder-and-bumble-users-targeted-by-major-ios-c rypto-scam/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)