If your internet sweetheart is trying to convince you to download some apps, claiming you’ll get rich by investing, they’re most likely trying to scam you.
The latest scam involves an app called CryptoRom, which an unsuspecting person will install under the pretense that it’ll help them invest in cryptocurrencies like Bitcoin. Researchers at Sophos Labs first brought this scam into light, tracing it all back to a single crypto wallet that has, at the time of writing this article, amassed $1.4 million in Bitcoin through this fake app.
“Victims are contacted through dating sites or apps like Bumble, Tinder, Facebook Dating and Grindr. They move the conversation to messaging apps. Once the victim becomes familiar, they ask them to install fake trading application with legitimate looking domains and customer support. They move the conversation to investment and ask them to invest a small amount, and even let them withdraw that money with profit as bait. After this, they will be told to buy various financial products or asked to invest in special “profitable” trading events. The new friend even lends some money into the fake app, to make the victim believe they’re real and caring. When the victim wants their money back or gets suspicious, they get locked out of the account,” write Jagadeesh Chandraiah and Xinran Wu in their report on Sophos’s website.
According to researchers at Sophos, a crucial part of this operation is the use of Super Signature services. Scammers have managed to gain access to Apple’s Enterprise Program, which lets them sign and publish apps legitimately through the App Store. This way, the apps bypass the review process entirely and, even worse, allow attackers to gain remote access to devices with the malicious apps installed.
It should go without saying, but installing good anti-malware protection like Sophos Antivirus is an excellent first step in protecting your devices against hackers and scammers. It also pays to remember the old saying, though: “There ain't no such thing as a free lunch.” If something seems too good to be true - it probably is.
Your email address will not be published.*