Tech giant Apple has come under fire for its tight control of the App Store, where developers are required to use its payment system
Tech giant Apple has come under fire for its tight control of the App Store, where developers are required to use its payment system

A new scam on the Apple App Store that utilizes the Apple Developer Program and Enterprise Signatures to bypass the company's strict review process is currently victimizing iPhone users, with some already losing hundreds of thousands of dollars.

Apple's iOS comes with a lot of features that protects it from different kinds of malware and scams proliferating in other mobile operating system. Despite the company's efforts, malicious and threat actors always find a way to get into the system and take advantage of unsuspecting consumers.

One of these is the new malicious campaign called CryptoRom, which was discovered by Sophos, a cyber security company. This scam lures potential victims into installing fake crypto trading apps by approaching them on dating platforms.

img

Photo: AFP / Chris DELMAS

Malicious actors use dating apps or sites like Tinder, Bumble, Grindr and Facebook to find potential victims. After that, they move the conversation from the dating apps to messaging apps.

"They strike up a friendship, using the dating game as a ruse, but then quickly move to money, this time in the guise of them doing you a big favor by offering you a chance to join an ‘unbeatable’ investment opportunity,” cybersecurity experts said in a post Wednesday.

Scammers will befriend these victims and once they become well-acquainted, will ask to install fake trading apps that come with customer support and genuine-looking websites.

The conversation then moves on to investment and malicious actors will ask victims to invest a small amount and even let them withdraw that money with a profit. But, this is of course just a bait.

After that, the new "friend" will advise unsuspecting consumers to buy financial products or invest in some kind of profitable trading activities or events. To make the scam more convincing, the faux friend will even lend money to victims.

The ruse ends when victims get suspicious and want to get their money back. The malicious actors disappear while their victims are locked out of the account.

So far, several users have come forward confirming the scam. "One of the victims shared the bitcoin address to which they transferred their money, and when we checked at the time of writing it has been sent over $1.39 million dollars to date," the blog revealed.

"One victim lost £63000 (~ $87000). There are additional news reports in UK of these scams, with one victim losing £35000 (~$45000) to a scammer who contacted them through Facebook, and another who lost £20000($25000) after being scammed by someone who contacted through Grindr," Sophos exposed.

"In the latter case, the victim made an initial deposit, transferred money to a Binance application from their bank and then to crooks; they were then asked to deposit more funds in order to withdraw their money. None of these victims have gotten their money back," the cybersecurity company shared.

Most of the victims are iPhone users and according to the blog, webpages designed to distribute fake apps "have also been mainly mimicking the App Store." The cybersecurity firm believes scammers target iPhone users with the assumption that they are likely wealthy.

Sadly, this scam campaign remains active to this day with new victims getting entangled in it every day.