Side Loaded Apps are now targets for Crypto-Scam

Crypto-traders have been losing their money to CryptoRom for about a year, a malware campaign that combines catfishing with crypto-scamming.

CryptoRom’s perpetrators have now improved their techniques. They’re leveraging new iOS features – TestFlight and WebClips – to get fake apps onto victims’ phones without being subject to the rigorous app store approval process.

Successful CryptoRom scams have resulted in over seven-figure losses for victims.

Capitalizing on this trend, last year a new and well-coordinated campaign began targeting users of dating apps, the attackers’ M.O. is to begin there, then move the conversation to messaging apps.

“Once the victim becomes familiar, they ask them to install fake trading applications with legitimate looking domains and customer support,” the researches have indicated.

The trading apps tend to be cryptocurrency-related, since, more so than with fiat currency, cryptocurrency payments are irreversible.

Victims might receive a link to download what purports to be BTCBOX, perfectly legitimate cryptocurrency trading platforms which appear to have professional user interfaces, and even come with customer-service chat options.

Apple and Google apply strict vetting to cut out malicious mobile apps like these from their official stores, but hackers have been keen on new clever tricks to get around conventional security testing.

Now, CryptoRom is taking advantage of two new iOS features.

TestFlight, is a feature developers can use to distribute beta versions of their apps to testers.

In addition to TestFlight, CryptoRom attackers have been using WebClips, a feature that allows web links to be added to the iOS home screen like regular apps. Malicious WebClips mimic real apps like RobinHood to trick the user to install them, then the bait is caught.

We provide outside-the-box Solutions

ERP, CRM, ON-PREMISE SOFTWARE, VOIP, and more...

Please fill in your details and we will get back to you ASAP.