Fake Android and iOS applications seek to seize cryptocurrencies (Bitcoin, Ether, etc.) from Internet users. To trick investors and convince them to install the fake app, hackers contact them on dating apps like Tinder or Bumble.
Sophos IT security experts are warning users of dating apps, like Tinder, Bumble, Grindr or Facebook Dating. According to researchers, an online scam dubbed “CryptoRom” is currently spreading in Western Europe.
This scam aims to steal cryptocurrencies from Internet users. First, the victims will be contacted through a dating app. In some cases, the target may also receive a message on WhatsApp.
How hackers scam cryptocurrency investors via Tinder, Bumble or Grindr?
Unsurprisingly, hackers do not choose their victims at random. They select their targets by consulting their profile on social networks. According to Sophos, criminals select individuals who have already invested in cryptocurrenciessuch as Bitcoin or Ether. “We suspect that the scammers obtained the contact details of their targets either through their own social media accounts or through compromised websites”explains Jagadeesh Chandraiah, researcher at Sophos.
After having discussed a little with his victim via a false profile, the pirate will offer to this one to earn money. The scammer claims to have discovered a way to make money fast with cryptocurrencies.
The hacker will guide the target to purchase digital currencies from a reliable platform, such as Coinbase, Binance, or Crypto.com. Secondly, the victim will have to transfer funds to a mobile app provided directly by his interlocutor. This is where the trap closes: the sent cryptocurrencies are recovered by hackers.
To recover assets, criminals rely on fake Android and iOS apps. If the victim has an Android smartphone, the hacker will provide him with an APK file. If his target uses an iPhone, the hacker will circumvent Apple’s security measures using techniques reserved for app developers.
Read also: a scam threatens to steal your cryptocurrencies, do not answer this SMS!
Once the bogus app is installed, the victim will transfer the purchased cryptocurrencies to a reliable site. Assets will fall into the hands of scammers. “These scams are well organized to identify and exploit vulnerable users based on their circumstances, interests and level of ability”says Jagadeesh Chandraiah, assuring that thousands of dollars were stolen as part of the “CryptoRom” campaign.