Social engineering attacks exploiting a combination of romance lures and cryptocurrency fraud have tricked unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features such as TestFlight and Web Clips.
Cybersecurity firm Sophos, which dubbed the organized-crime campaign “CryptoRom”, called it a massive global scam.
“This style of cyber fraud, known as sha zhu pan (杀猪盘) – literally ‘pig butcher plate’ – is a well-organized syndicated scam operation that uses a combination of social engineering often centered on romance and fraudulent financial apps and websites to trick victims and steal their savings after gaining their trust,” Jagadeesh Chandraiah, an analyst at Sophos, noted in a report released last week.
The campaign works by approaching potential targets through dating apps such as Bumble, Tinder, Facebook Dating and Grindr, then moving the conversation to messaging apps such as WhatsApp and urging victims to install a cryptocurrency trading app designed to imitate popular brands, lock people out of their accounts and freeze their funds.
Previous variants of the social engineering scam observed in October 2021 were found to use lookalike App Store pages to trick people into installing the rogue iOS apps, and to abuse the Apple Developer Enterprise Program to deploy mobile provisioning profiles that distribute the malware.
But the new wave of attacks observed by Sophos takes advantage of the TestFlight beta-testing framework and a device management feature called Web Clips, which allows URLs to specific web pages to be placed on the home screen of users’ iOS devices, just like a traditional app.
Once the app is installed, the scammers promise individuals huge financial returns in exchange for monetary investment, while artificially manipulating the fake app’s numbers to “enhance the scam” and convince victims that “they are winning money” thanks to the platform.
“The scam is not just about tricking victims into investing,” Chandraiah explained. “When victims try to withdraw funds from their big ‘profit’, scammers use the app to inform them that they must pay a ‘fee’ of 20% of their profits before the funds can be withdrawn – and threaten that all their investments will be confiscated by the tax authorities if they do not pay.”