Security experts claim to have discovered the first “cryptorom” scam applications to have successfully bypassed Apple’s strict App Store vetting processes.
The two apps in question, Ace Pro and MBM_BitScan, were also discovered on Google Play. However, it is their presence on the App Store, usually governed by stricter security protocols, which will alarm users.
The apps are also immune to Apple’s Lockdown mode, which is designed to protect users from sophisticated social engineering, Sophos said.
“In general, it’s hard to get malware past the security review process in the Apple App Store. That’s why, when we originally began investigating cryptorom scams targeting iOS users, the scammers would have to persuade users to first install a configuration profile before they could install the fake trading app,” explained Sophos senior threat researcher, Jagadeesh Chandraiah.
“This obviously involves an additional level of social engineering – a level that’s hard to surmount. Many potential victims would be ‘alerted’ that something wasn’t right when they couldn’t directly download a supposedly legitimate app. By getting an application onto the App Store, the scammers have vastly increased their potential victim pool, particularly since most users inherently trust Apple.”
Cryptorom scams are so named because they usually begin on dating sites, with scammers attracting their victims with fake profiles. After building a rapport with their victims via unmonitored messaging apps, they subsequently persuade them to download the scam app and start trading/investing in crypto.
In the case of Ace Pro, the scammers created and actively maintained a fake Facebook profile of a woman supposedly living a lavish lifestyle in London, Sophos explained.
The security vendor claimed that the malicious developers likely connected the app, which was disguised as a QR scanner, to a benign remote website when originally submitted to App Store reviewers.
Once approved, the app was redirected to an Asia-registered domain linked to the fake trading interface, it added.
Both Ace Pro and MBM_BitScan apparently connected to the same command and control (C2) infrastructure, designed to resemble a legitimate Japanese crypto firm.
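The bait-and-switch described above (a benign backend at review time, a different domain once the app is approved) means a one-off review of the binary is not enough: the behaviour that matters lives on the server. One defender-side check is to record which hosts an app contacts during its review-time run and diff that against a later run. The following is an added example, not Sophos's tooling or code from the article; the log format, app identifier and hostnames are all constructed for illustration.

```python
"""Added example: flag backend hosts that an app starts contacting only after
review, by diffing network destinations from two sandbox runs.

The log format, app identifier and hostnames below are constructed for this
example and are not taken from the article.
"""
import re
from collections import defaultdict

# Constructed sample log lines. Hypothetical format:
#   <timestamp> <app-id> CONNECT <host> <port>
REVIEW_RUN = """\
2023-01-10T09:00:01Z com.example.qrscanner CONNECT api.example-qr.test 443
2023-01-10T09:00:03Z com.example.qrscanner CONNECT cdn.example-qr.test 443
"""

POST_APPROVAL_RUN = """\
2023-02-01T12:00:00Z com.example.qrscanner CONNECT api.example-qr.test 443
2023-02-01T12:00:02Z com.example.qrscanner CONNECT trade-portal.example-scam.test 443
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+CONNECT\s+(\S+)\s+(\d+)$")


def parse_hosts(log_text):
    """Return {app_id: set(host)} parsed from the log; malformed lines are skipped."""
    hosts = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        _timestamp, app_id, host, _port = match.groups()
        hosts[app_id].add(host.lower())
    return hosts


def new_destinations(baseline_log, later_log):
    """Per app, list hosts seen in later_log that never appeared in baseline_log.

    Apps whose destination set is unchanged are omitted, so an empty result
    means no new backend appeared after the baseline run.
    """
    baseline = parse_hosts(baseline_log)
    later = parse_hosts(later_log)
    findings = {}
    for app_id, hosts in later.items():
        added = hosts - baseline.get(app_id, set())
        if added:
            findings[app_id] = sorted(added)
    return findings


if __name__ == "__main__":
    for app_id, hosts in new_destinations(REVIEW_RUN, POST_APPROVAL_RUN).items():
        print(f"{app_id}: contacts new host(s) since review: {', '.join(hosts)}")
```

A host that first appears after approval is not proof of fraud on its own (legitimate apps add endpoints too), but it is exactly the signal that would have been invisible at submission time, and it is cheap to produce from any sandbox that records outbound connections.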
Cryptorom scams are a form of “pig butchering” fraud – a technique originating in Asia which combines romance-based social engineering with fraudulent crypto-trading apps.