Hackers have stolen at least $ 1.4 million from various people through CryptoRoam attacks, using a combination of social media, dating apps, cryptocurrency and abuse of Apple‘s Enterprise Developer Program, according to a report by AppleInsider.
The scam has been in circulation for about six months and Apple ios platform is the goal, says the report. Scammers’ modus operandi begins with gaining the target’s trust through social media or data apps. After that, the victim is lured to install a modified version of a cryptocurrency exchange through a website that resembles the look of Apple. App store from where they are induced to invest, as the target is asked to download a mobile device management profile. After doing so, the scammers defraud victims out of cash, the report adds.
According to a Sophos report, one victim lost around $ 87,000 in this scam, with losses of $ 45,000 and $ 25,000 also reported by others. Cybersecurity researchers have found a Bitcoin address to which just under $ 1.4 million has been transferred. Considering the fact that it is only one address and many more could be used by scammers, the amount of money stolen could be higher.
“Returning to the fake App Store web page, the unsuspecting user is prompted to download an app signed with a certificate associated with the mobile device management profile through Apple’s enterprise provisioning or super signature distribution method. . The application in question is a fake version of the Bitfinex cryptocurrency trading application, ”the report states.
The report further adds: “The victim is then convinced to make a small investment in a cryptocurrency as a proof of concept, and allowed to withdraw the profits. When a larger deposit is made, the victim discovers that it cannot be withdrawn and the aggressor tells him that he either simply takes the money for himself, that more must be invested, or a tax must be paid to withdraw the money ”.