A recent report claims that hackers abused Apple’s developer program in order to operate a dating app scam that resulted in the theft of more than a million dollars from victims.
ZDNet reports that according to cybersecurity firm Sophos, scammers used information gained via the Apple Developer Enterprise program to scam users on dating apps such as Tinder, Bumble, Grindr, Facebook Dating, and others out of millions of dollars.
After gaining the trust of users on the apps, scammers reportedly convinced victims to download fake cryptocurrency apps and tricked them into investing money into the apps before freezing their accounts. The scammers were reportedly able to easily trick Apple’s Developer Enterprise program and the Apple Enterprise/Corporate Signature into distributing the fraudulent crypto apps that were disguised as apps for legitimate crypto brands like Binance.
Sophos claims that its researchers saw scammers using Apple’s Enterprise Signature to remotely manage the devices of scam victims. The scam was named “CryptoRom” and reportedly led to at least $1.4 million being stolen from victims in America and the EU. Sophos researchers Jagadeesh Chandraiah and Xinran Wu state in their report that the attackers moved beyond targeting victims in Asia and are now targeting users in North America and Europe.
“First, the attackers post convincing fake profiles on legitimate dating sites. Once they’ve made contact with a target, the attackers suggest continuing the conversation on a messaging platform,” Chandraiah said.
“They then try to persuade the target to install and invest in a fake cryptocurrency trading app. At first, the returns look very good but if the victim asks for their money back or tries to access the funds, they are refused and the money is lost. Our research shows that the attackers are making millions of dollars with this scam.”
Read more at ZDNet here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address email@example.com