It’s a campaign that experts at Sophos, a computer security firm, have dubbed “CryptoRom” because of the unusual combination of two elements: cryptocurrency scams and dating apps. A new report, published Wednesday, October 13, details sophisticated fraud techniques that rely in particular on fake, malware-laden applications.
According to the victim cases studied by Sophos, the scammers behind this type of operation usually start on dating applications such as Grindr, Tinder or Bumble. A relationship is first established between the scammer and the target; according to the report, the scammer then seeks to move the conversation to a messaging application such as WhatsApp. Over the course of the exchanges, the crooks try to convince their victims to install an application for investing in cryptocurrencies. This is where the scam becomes more sophisticated.
Outsmart Apple’s vigilance
Indeed, most of the victims identified by Sophos used an iPhone, even though Apple’s ecosystem is supposed to be far more closed, greatly limiting the risk of downloading malicious applications. Apple runs developer programs through which it decides which developers may distribute their applications on the App Store (the iOS application store). In principle, therefore, unless the iPhone’s operating system is jailbroken, it is impossible to install software without going through this store, where submitted programs are reviewed to check that they contain no malware.
But the people running these scams have used several methods to get around these protections and to have their malware “signed”, that is, to make iOS recognize it and therefore allow it to be installed.
One of these methods, known as “Super Signature”, hijacks a testing program offered by Apple that allows unverified software to be installed on a small number of registered devices. The second, which works in a somewhat similar way, relies on enterprise distribution certificates, intended for companies deploying in-house apps to their own staff, which can be used to install an app on far more devices at once. As Sophos points out, commercial services sell such signatures, and the crooks can simply buy them in order to install fraudulent apps on an iPhone. Once a signature is obtained, all that remains is to direct the victims to a web page masquerading as the App Store and encourage them to download the fake investment app.
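For an analyst who recovers one of these fake apps (an .ipa file), the provisioning profile embedded in it tells which of the two routes was used. The following is an added example, not code from Sophos or from the CryptoRom report: it classifies the decoded profile by the standard keys Apple puts in every profile. The profile is normally CMS-wrapped, so the plist is first extracted with `security cms -D -i embedded.mobileprovision` on macOS or `openssl smime -inform DER -verify -noverify -in embedded.mobileprovision` elsewhere. The three sample profiles, the team identifier and the UDIDs below are constructed for illustration.

```python
"""Classify an iOS provisioning profile by its distribution route.

Added example for this article; not code from Sophos or the CryptoRom report.
Input is the XML plist inside embedded.mobileprovision once the CMS envelope
is stripped. The sample profiles below are constructed, not real captures.
"""
import plistlib
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass
class ProfileVerdict:
    kind: str          # "app-store", "ad-hoc", "development" or "enterprise"
    team: str          # TeamIdentifier(s) or TeamName from the profile
    device_count: int  # UDIDs listed in ProvisionedDevices (0 if none)
    expired: bool      # ExpirationDate already passed
    detail: str        # one-line explanation for a triage note


def classify_profile(plist_bytes: bytes, now: Optional[datetime] = None) -> ProfileVerdict:
    """Decide how the signed app could have been installed.

    ProvisionsAllDevices = true -> enterprise (in-house) profile: installs on
                                   any device that trusts the certificate.
    ProvisionedDevices = [...]  -> restricted to the listed UDIDs (ad-hoc, or
                                   development when get-task-allow is set).
                                   Signing services register the victim's
                                   UDID in such a profile.
    neither                     -> App Store distribution profile.
    """
    profile = plistlib.loads(plist_bytes)
    now = now or datetime.now(timezone.utc)

    expiry = profile.get("ExpirationDate")
    # plistlib returns <date> values as naive datetimes in UTC
    expired = expiry is not None and expiry.replace(tzinfo=timezone.utc) < now

    team = ", ".join(profile.get("TeamIdentifier", [])) or profile.get("TeamName", "unknown")
    entitlements = profile.get("Entitlements", {})
    devices = profile.get("ProvisionedDevices", [])

    if profile.get("ProvisionsAllDevices"):
        kind = "enterprise"
        detail = "in-house distribution profile; the app never went through App Store review"
    elif devices:
        kind = "development" if entitlements.get("get-task-allow") else "ad-hoc"
        detail = f"restricted to {len(devices)} registered UDID(s); the pattern used by signing services"
    else:
        kind = "app-store"
        detail = "App Store distribution profile"

    return ProfileVerdict(kind, team, len(devices), expired, detail)


def sideloaded(verdict: ProfileVerdict) -> bool:
    """True when the profile shows the app bypassed the App Store."""
    return verdict.kind != "app-store"


def _profile(body: str) -> bytes:
    """Wrap constructed dict entries in a minimal XML plist."""
    return (b'<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0"><dict>'
            + body.encode() + b"</dict></plist>")


# Constructed sample profiles: placeholder team identifier and UDIDs.
_COMMON = ("<key>TeamIdentifier</key><array><string>ABCDE12345</string></array>"
           "<key>TeamName</key><string>Example Team</string>"
           "<key>ExpirationDate</key><date>2022-10-13T00:00:00Z</date>"
           "<key>Entitlements</key><dict><key>get-task-allow</key><false/></dict>")

APP_STORE_PROFILE = _profile(_COMMON)

SUPER_SIGNATURE_PROFILE = _profile(
    _COMMON
    + "<key>ProvisionedDevices</key><array>"
    + "<string>00008030-000A11111111802E</string>"
    + "<string>00008030-000B22222222802E</string></array>")

ENTERPRISE_PROFILE = _profile(_COMMON + "<key>ProvisionsAllDevices</key><true/>")


if __name__ == "__main__":
    fixed_now = datetime(2021, 10, 13, tzinfo=timezone.utc)  # the report's publication date
    for name, blob in [("app-store", APP_STORE_PROFILE),
                       ("super-signature", SUPER_SIGNATURE_PROFILE),
                       ("enterprise", ENTERPRISE_PROFILE)]:
        v = classify_profile(blob, now=fixed_now)
        print(f"{name:16} -> {v.kind:12} team={v.team} devices={v.device_count} "
              f"expired={v.expired} sideloaded={sideloaded(v)}")
        print(f"{'':20} {v.detail}")
```

A profile restricted to a handful of UDIDs points at a paid signing service, while `ProvisionsAllDevices` points at an abused enterprise certificate; either way the app never passed App Store review, which is the check worth recording in an incident note.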
Victims in France
In its report, the company points out that the reach of the crooks using these methods is much broader than initially estimated. In an initial publication in May, Sophos believed the victims were mainly located in Asia, but has since found targets in Europe, notably in France, Hungary and the United Kingdom, as well as in the United States. The campaign identified by Sophos is lucrative: one of the bitcoin wallets used by the scammers received nearly $1.4 million in payments.
Once installed, some of the fake applications pass themselves off as real trading and investment software, for cryptocurrencies but also for forex or conventional stock trading. Pushed to make a first deposit, the victims are lured with an initial profit that they are allowed to withdraw. The crooks then encourage them to stake larger sums, which are never returned.