Social engineering attacks that combine romantic lures with cryptocurrency fraud have been used to trick unsuspecting victims into installing fake iOS apps through legitimate iOS features such as TestFlight and Web Clips.
Cybersecurity company Sophos, which has named the organized crime campaign “CryptoRom,” characterized it as a wide-ranging global scam.
“This style of cyber-fraud, known as sha zhu pan — literally ‘pig butchering plate’ — is a well-organized, syndicated scam operation that uses a combination of often romance-centered social engineering and fraudulent financial applications and websites to ensnare victims and steal their savings after gaining their confidence,” Sophos analyst Jagadeesh Chandraiah said in a report published last week.
The campaign begins by approaching potential victims through dating apps such as Tinder, Facebook Dating and Grindr. The conversation is then moved to a messaging app such as WhatsApp, where the victim is urged to download a cryptocurrency trading app. The app mimics popular trading brands and purports to let victims trade with other users, but it is controlled by the scammers, who can lock people out of their accounts and freeze their funds.
Previous variants of the scam observed in October 2021 used lookalike App Store pages to deceive people into installing the rogue iOS apps, and abused Apple’s Developer Enterprise Program to distribute the malware through mobile provisioning profiles.
But the new attack wave observed by Sophos takes advantage of Apple’s TestFlight beta testing framework and a device management feature called Web Clips, which allows URLs to specific web pages to be placed on the home screen of the user’s iOS device like a traditional application.
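Because a Web Clip is delivered as a configuration profile rather than as app binary, it passes no App Store review, and the same profile keys that make it look like a real app (a full-screen view with no address bar, a branded label, a non-removable icon) are the ones worth checking. The script below is an added example written for this article, not code from Sophos or from the campaign. It builds two constructed profiles, one benign and one shaped like a lure, using Apple’s documented Web Clip payload type (com.apple.webClip.managed) and keys (URL, Label, FullScreen, IsRemovable), then parses each with the standard library and reports what an analyst or MDM administrator would want flagged. The host names, labels and the allow-list are assumptions made for the example.

```python
import plistlib
from urllib.parse import urlparse

# Assumption: hosts an organisation legitimately expects Web Clips to point at.
ALLOWED_HOSTS = {"intranet.example.com"}

def build_profile(label, url, full_screen, removable):
    """Build a minimal, unsigned Web Clip configuration profile (constructed
    sample). The PayloadType and keys are Apple's documented Web Clip keys;
    identifiers and UUIDs are placeholders."""
    profile = {
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.webclip.profile",
        "PayloadUUID": "4F1C0C2A-0000-0000-0000-000000000001",
        "PayloadVersion": 1,
        "PayloadDisplayName": label,
        "PayloadContent": [
            {
                "PayloadType": "com.apple.webClip.managed",
                "PayloadIdentifier": "com.example.webclip.1",
                "PayloadUUID": "4F1C0C2A-0000-0000-0000-000000000002",
                "PayloadVersion": 1,
                "Label": label,          # name shown under the home-screen icon
                "URL": url,              # page opened when the icon is tapped
                "FullScreen": full_screen,  # True hides Safari chrome and the URL bar
                "IsRemovable": removable,   # False: user cannot delete the clip
            }
        ],
    }
    return plistlib.dumps(profile)

# Constructed samples: a legitimate intranet clip and a lure-shaped one.
# The ".invalid" TLD is reserved, so the second URL can never resolve.
BENIGN_PROFILE = build_profile("Intranet", "https://intranet.example.com/", False, True)
LURE_PROFILE = build_profile("Trading App", "https://trade.cointrade.invalid/app", True, False)

def web_clip_findings(profile_bytes, allowed_hosts=ALLOWED_HOSTS):
    """Parse an unsigned .mobileconfig and return one finding per Web Clip
    payload, each with the reasons it looks like an app-imitating lure.
    An empty 'reasons' list means nothing suspicious was seen."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.webClip.managed":
            continue
        url = payload.get("URL", "")
        parsed = urlparse(url)
        host = parsed.hostname or ""
        reasons = []
        if host not in allowed_hosts:
            reasons.append(f"URL host {host!r} is not in the allow-list")
        if parsed.scheme != "https":
            reasons.append("URL is not HTTPS")
        if payload.get("FullScreen"):
            reasons.append("FullScreen hides the address bar, so the page passes as a native app")
        if payload.get("IsRemovable") is False:
            reasons.append("IsRemovable=false: the icon cannot be deleted while the profile is installed")
        findings.append({"label": payload.get("Label"), "url": url, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for name, data in (("benign", BENIGN_PROFILE), ("lure", LURE_PROFILE)):
        for f in web_clip_findings(data):
            print(name, f["label"], f["url"], f["reasons"] or "no findings")
```

Profiles delivered to victims are often CMS-signed; strip or verify the signature first (for example with `openssl smime -verify`) before handing the XML to this parser. The check is heuristic: FullScreen and IsRemovable are legitimate settings, so the allow-list is what turns a hit into something worth acting on.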
The crooks promise the victim huge financial returns on an initial investment. They also manipulate the figures displayed in the fake app to “reinforce” the con and convince victims that they are “making money” on the platform.
Chandraiah explained that the scam does not end at convincing victims to invest. “When victims try to withdraw funds from their big ‘profit,’ the crooks use the app to inform them that they need to pay a ‘tax’ of 20% of their profits before funds can be withdrawn — and threaten that all their investments will be confiscated by tax authorities if they do not pay.”