Researchers at Sophos Labs have unearthed a scam that exploits iPhone users looking for love via dating apps.
Under the CryptoRom scam, victims are contacted through their dating app account. The scammer gains the victim’s trust by exchanging direct messages with them.
“Once the victim becomes familiar, they ask them to install fake trading applications with legitimate-looking domains and customer support,” wrote researchers.
“They move the conversation to investment and ask them to invest a small amount, and even let them withdraw that money with profit as bait.”
Victims are then instructed to buy various financial products or invest in special “profitable” trading events. To lure them into making a significant investment, the scammer will offer an in-app loan.
Researchers wrote: “When the victim wants their money back or gets suspicious, they get locked out of the account.”
The Sophos team found that most of the scam’s victims are iPhone users based in the United States or Europe. Dating apps used to dangle the bait include Bumble, Grindr, Tinder, and Facebook Dating.
Victims have been defrauded of at least $1.4m by CryptoRom. Researchers noted that “in most cases we have come across, crooks have asked victims to transfer money by buying cryptocurrency through the Binance app and then to a fake trading application.”
The findings echo a report released by Sophos Labs in May concerning scammers abusing dating sites and apps to social-engineer victims into installing fake cryptocurrency apps on iPhone and Android.
“At the time, the evidence suggested the crooks behind these apps were exclusively targeting victims in Asia,” wrote researchers. “But since then, we’ve seen increasing evidence of these fake apps being part of a wide-ranging global scam.”
An investigation into the initial scam revealed that its perpetrators used Apple’s ad-hoc Super Signature distribution scheme to target iOS device users.
“As we expanded our search based on user-provided data and additional threat hunting, we also witnessed malicious apps tied to these scams on iOS leveraging configuration profiles that abuse Apple’s Enterprise Signature distribution scheme to target victims,” wrote researchers.