Since their appearance, cryptocurrencies have been the subject of all kinds of comments. From those who classify them as an excellent option to generate income and carry out financial transactions, to others who see these as a means that could be used to commit scams, since it is not regulated by any institution or government.
Unfortunately the latter was what happened recently thanks to a dating app that was used as a front against iOS users to get their data. The result: a crypto theft equivalent to 1.4 million dollars.
According to the investigation carried out by a British cybersecurity company, those affected by this act are mainly users from regions such as United States, Europe and Asia.
In addition to having violated the security of these users, the people involved in the operation they encrypted the stolen information illegally and then asked for ransom for it.
In the end, many of the affected users gave in to the request and that was how the scammers got the amount of 1.4 million dollars; all this through an app called Cryptorom.
The execution of this novel scam app relies largely on social engineering. Everything starts the moment the attackers use dating sites to post fake profiles. Once this is done, they proceed to contact people who have matched their profile.
When the conversation has started in this way, the attacker proposes to the victim to continue it on a messaging platform. The attacker then uses his abilities to convince the victim to install a fake cryptocurrency trading app.
It is worth mentioning that cybercriminals determine the user they have chosen as a target very well. In this way they not only focus on stealing the victim’s money, but also target have access to your iPhone.
The reason behind this action is to make users submit the fake app to the Enterprise Signature, Apple’s software developer system. Its purpose: get the company to approve the app sent by the user and is officially available in the App Store and then from there carry out massive attacks.
For Apple it is difficult to identify which apps are fake, since cybercriminals can upload a large number of them without having any problem with the certification and, since they use special accounts to obtain the endorsement, the apps are published in the store in a few days .