Date: 2022-03-21

There is a dark side to using the internet. Scammers continuously search for targets and work to make users believe their words and promises. ‘CryptoRom’ is an organized criminal effort of this kind. It uses legitimate iOS tools like TestFlight and Web Clips to draw users into its trap. These social engineering attacks use a mix of romantic charm and cryptocurrency scams, and as a result unsuspecting victims install fraudulent apps.

CryptoRom: A Crypto Scam

The organized criminal effort is named “CryptoRom”. The name was given by the cybersecurity firm Sophos, which describes it as a global hoax. According to a Sophos report published last week by analyst Jagadeesh Chandraiah, this form of cyber fraud is called sha zhu pan (杀猪盘), which literally means ‘pig butchering plate’. These operations consist of a series of well-planned and well-structured scams that mix romantic charm with cryptocurrency fraud. Once the scammers have won the target’s trust, they use fake financial apps to steal the target’s savings.

How This Campaign Works

The campaign approaches potential targets through online dating apps like Bumble, Tinder, Facebook Dating, and Grindr, before shifting the conversation to messaging apps such as WhatsApp and pressuring victims to download a cryptocurrency trading application. These apps are designed to look like famous brands, and they lock people out of their accounts and freeze their funds.

The new wave of attacks, however, abuses Apple’s TestFlight beta-testing infrastructure and Web Clips. Web Clips allow a URL to a particular web page to be placed on the home screen of a user’s iOS device, just like a typical app.

Once the app is installed, the criminals promise the victims large financial returns in exchange for a monetary investment, while changing the figures shown in the fake app to “reinforce the scam” and persuade the victims that “they are earning profit” through the platform.

Previous Version of Crypto Scam

Previous versions of the social engineering scheme were discovered in October 2021. They used spoofed App Store pages to trick customers into installing illegal iOS apps, and they abused Apple’s Developer Enterprise Program to deliver malware via dubious mobile provisioning accounts.

