Thieves abused Apple’s enterprise app programs to steal $1.4 million in crypto


Thieves have used a combination of social media, dating apps, cryptocurrency and abuse of Apple's Enterprise Developer program to steal at least $1.4 million from unsuspecting victims.

A scam that has been circulating for about six months has evolved to target iOS users. The "CryptoRom" scam is straightforward in outline: after gaining a victim's trust via social media or dating apps, the scammers trick the victim into installing a modified version of a cryptocurrency exchange app, lure them into investing, and then cheat them out of the money.

After gaining the victim's trust through dating apps, the scammers steer the conversation toward investing in cryptocurrency. The victim is then directed to a site styled to look like the Apple App Store and prompted to install a mobile device management (MDM) profile. Such a profile grants control over a range of device features and allows the device to run apps signed by the scammers outside the App Store.

When the user returns to the fake App Store website, they are prompted to download an app signed with a certificate tied to that management profile, delivered either through Apple's enterprise provisioning or through the "Super Signature" ad hoc distribution method. The app in question is a fake version of the Bitfinex cryptocurrency trading app.
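The two distribution channels mentioned above, enterprise provisioning and ad hoc ("Super Signature") distribution, both leave a fingerprint in the provisioning profile embedded in the app bundle (`embedded.mobileprovision`). The following script is an added example, not code from the article or from Sophos: it extracts the plist from that file and classifies the profile as App Store, enterprise, ad hoc or development, which is the check an analyst would run on an IPA pulled from a scam site. The `make_sample_profile` helper builds constructed profiles with placeholder team, bundle and device identifiers so the example runs offline; the CMS framing around the plist is replaced by placeholder bytes and the signature is not verified.

```python
"""Classify an iOS provisioning profile by its distribution channel.

Added example (not from the article or Sophos). A real embedded.mobileprovision
is CMS SignedData in DER form whose signed content is an XML plist. The keys
used here are the documented ones:
  ProvisionsAllDevices = true   -> enterprise (in-house) distribution
  ProvisionedDevices present    -> ad hoc, or development if get-task-allow is set
  neither                       -> App Store distribution
"""
import datetime
import plistlib


def make_sample_profile(kind: str) -> bytes:
    """Constructed test data: a mobileprovision-like blob for the given kind.

    Team name, team ID, bundle ID and device UDID are placeholders, and the
    DER/CMS framing is replaced by opaque placeholder bytes.
    """
    profile = {
        "AppIDName": "Example Trading App",
        "TeamName": "Example Corp (placeholder)",
        "TeamIdentifier": ["ABCDE12345"],
        "ExpirationDate": datetime.datetime(2030, 1, 1),
        "Entitlements": {
            "application-identifier": "ABCDE12345.com.example.trading",
            # Only development profiles allow a debugger to attach.
            "get-task-allow": kind == "development",
        },
    }
    if kind == "enterprise":
        profile["ProvisionsAllDevices"] = True
    elif kind in ("ad-hoc", "development"):
        # Placeholder UDID; real profiles list the registered device IDs.
        profile["ProvisionedDevices"] = ["00000000-000000000000000A"]
    elif kind != "app-store":
        raise ValueError(f"unknown profile kind: {kind}")
    body = plistlib.dumps(profile, fmt=plistlib.FMT_XML)
    return b"\x30\x82PLACEHOLDER-CMS-HEADER" + body + b"PLACEHOLDER-CMS-SIGNATURE"


def extract_plist(raw: bytes) -> dict:
    """Pull the XML plist out of a CMS-wrapped mobileprovision.

    The signed content is stored uncompressed, so locating the plist
    boundaries by byte search is enough to read it. This skips signature
    verification on purpose; use `security cms -D` on macOS or
    `openssl smime -inform DER -verify` when the signature matters.
    """
    start = raw.find(b"<?xml")
    end = raw.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no XML plist found in profile")
    end += len(b"</plist>")
    return plistlib.loads(raw[start:end])


def classify_profile(profile: dict) -> str:
    """Map the profile's keys to its distribution channel."""
    if profile.get("ProvisionsAllDevices"):
        return "enterprise"
    if profile.get("ProvisionedDevices"):
        entitlements = profile.get("Entitlements", {})
        return "development" if entitlements.get("get-task-allow") else "ad-hoc"
    return "app-store"


def analyze_profile(raw: bytes, now=None) -> dict:
    """Summarize a mobileprovision blob: channel, team, app ID, expiry."""
    profile = extract_plist(raw)
    now = now or datetime.datetime.now()
    kind = classify_profile(profile)
    return {
        "kind": kind,
        "team": profile.get("TeamName"),
        "app_id": profile.get("Entitlements", {}).get("application-identifier"),
        "expired": profile["ExpirationDate"] < now,
        # Anything outside the App Store channel was not reviewed by Apple.
        "unreviewed": kind != "app-store",
    }


if __name__ == "__main__":
    for sample_kind in ("app-store", "enterprise", "ad-hoc", "development"):
        print(sample_kind, analyze_profile(make_sample_profile(sample_kind)))
```

To run this against a real sample, unzip the IPA and pass the bytes of `Payload/<App>.app/embedded.mobileprovision` to `analyze_profile`; an "enterprise" or "ad-hoc" result on an app that claims to be a well-known exchange is exactly the signal the scam relies on users not noticing.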

The victim is then persuaded to make a small investment in a cryptocurrency as a proof of concept, and is allowed to withdraw the "profits". Once a larger deposit is made, the victim finds that it cannot be withdrawn: the scammer either stalls the withdrawal outright, insists that more must be invested first, or claims that a tax must be paid before the money can be released.

A report from Sophos details the amounts lost. One victim lost about $87,000, while other reports describe losses of $45,000 and $25,000. No single social media or dating service appears to be favored by the scammers; victims reported first encountering them on Facebook, Bumble, Tinder and Grindr before the conversation moved to private messaging services.

The researchers found a single Bitcoin address that had received nearly $1.4 million. Since the scheme likely uses more addresses than that one, the true total is probably higher.

"This scam campaign is still active and new victims are falling for it every day, with little or no prospect of getting their lost funds back," Sophos wrote. "To mitigate the risk of these scams being targeted at less sophisticated users of iOS devices, Apple should warn users installing apps through ad hoc distribution or through enterprise provisioning systems that these applications have not been reviewed by Apple."

Sophos says it has shared details of the scam with Apple. As of Thursday morning, the researchers had not received a response.

How to Avoid CryptoRom Attacks

As more cryptocurrency exchanges verify their customers and check the legitimacy of the exchanges they transact with, this type of attack may begin to subside. However, the lack of broad cryptocurrency regulation means it will remain a vector of concern.

A better defense is for users to understand that a misused device management profile can give an attacker wide-ranging access to the device, up to and including remote control in extreme cases. Not installing any profile beyond what a company-owned device actually requires would stop this attack in its tracks, because the fake app could never be run in the first place. Profiles already on a device can be reviewed, and removed, under Settings > General > Profiles & Device Management (called VPN & Device Management on newer iOS versions); a profile installed at the urging of a stranger met online has no business being there.

Likewise, refusing to install apps from outside the App Store would also have prevented the thefts.
