It’s a campaign that experts at Sophos, a computer security company, have dubbed “CryptoRom” because of its unusual combination of two things: cryptocurrency scams and dating apps. A new report, published on Wednesday, October 13, highlights sophisticated extortion methods, which are based in particular on fake infected applications.
According to the various victim cases studied by Sophos, hackers who run these types of scams often operate through dating apps, such as Grindr, Tinder or Bumble. Initial contact is established between the scammer and the target, during which, according to the report, the hacker first seeks to move the conversation to a messaging application, such as WhatsApp. Then, in the course of the exchanges, the criminals try to convince their victims to install an application for investing in cryptocurrencies. And this is where the scam gets more sophisticated.
Getting past Apple’s vigilance
In fact, most of the victims identified by Sophos were using an iPhone, even though Apple’s phone ecosystem is assumed to be much more closed, which greatly limits the risk of downloading infected applications. The company runs programs through which it authorizes, or refuses to authorize, developers to distribute their applications on the App Store (the iOS application store). In principle, therefore, unless you “break” the operating system of an iPhone, it is impossible to install software without going through this platform, where distributed programs are analyzed to ensure that they do not contain viruses.
But the hackers who carry out these scams have used various methods to get around these protection measures and have their malware “signed”, that is, recognized by iOS so that it is allowed to be installed.
One of these methods, called Super Signature, consists of hijacking an application testing program offered by Apple, which allows unverified software to be installed on a small number of devices. The second, which works in a somewhat similar way, relies on certificates that can be used to install an application on many more devices at the same time. As Sophos points out, there are commercial services that sell signatures, which hackers can buy in order to install rogue apps on an iPhone. Once these signatures are obtained, the criminals must direct victims to a web page disguised as the App Store and encourage them to download their fake investment apps.
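As an added illustration for analysts, not taken from the Sophos report or from this article: an app signed for installation outside the App Store normally ships a provisioning profile (`embedded.mobileprovision`) in its bundle, and that profile shows which route was used. The sketch below assumes the "small number of devices" route appears as a device list (`ProvisionedDevices`) and the certificate route as `ProvisionsAllDevices`; the sample profiles are constructed.

```python
import plistlib

def extract_profile(blob: bytes) -> dict:
    """Return the XML plist carried inside a signed provisioning profile."""
    start, end = blob.find(b"<?xml"), blob.find(b"</plist>")
    if start < 0 or end < start:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def triage(blob: bytes) -> dict:
    """Classify how a profile lets its app reach devices outside the App Store."""
    p = extract_profile(blob)
    devices = p.get("ProvisionedDevices") or []
    if p.get("ProvisionsAllDevices"):
        kind = "enterprise"        # installable on any device that trusts the cert
    elif devices:
        # Device-bound profile: development builds are debuggable, ad hoc are not.
        debug = p.get("Entitlements", {}).get("get-task-allow", False)
        kind = "development" if debug else "ad-hoc"
    else:
        kind = "no-device-list"    # App Store style profile
    return {"kind": kind, "team": p.get("TeamName"),
            "devices": len(devices), "expires": p.get("ExpirationDate")}

def _constructed(**keys) -> bytes:
    """Build a fake profile: a plist wrapped in junk bytes standing in for the signature."""
    body = plistlib.dumps({"TeamName": "Example Team", **keys})
    return b"\x30\x82\x0b\xad" + body + b"\x00trailing-signature"

# Constructed samples, not real profiles.
SAMPLE_ADHOC = _constructed(ProvisionedDevices=["0" * 40],
                            Entitlements={"get-task-allow": False})
SAMPLE_ENTERPRISE = _constructed(ProvisionsAllDevices=True)

if __name__ == "__main__":
    for name, blob in (("ad hoc", SAMPLE_ADHOC), ("enterprise", SAMPLE_ENTERPRISE)):
        print(name, triage(blob))
```

A trading or wallet app that turns up with an enterprise or ad hoc profile, rather than arriving from the App Store, is the signal worth escalating.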
Victims in France
In its report, the company points out that the reach of the criminals who use these methods is much broader than was initially estimated. In an initial post in May, Sophos estimated that the victims were located primarily in Asia, but it has since discovered targets in Europe, especially France, Hungary and the United Kingdom, as well as in the United States. The campaign identified by Sophos is lucrative: one of the bitcoin wallets used by the hackers received nearly $1.4 million in fees.
Once installed, some of the fake apps masquerade as real trading and investment software dedicated to cryptocurrencies, but also to more traditional Forex or stock trading. Pushed to make a first payment, victims are lured by an initial profit, which they can collect. The scammers then encourage them to gamble larger sums, which, in turn, will never be recovered.