Users of dating apps are being warned about a romance scam being conducted by an international cybercriminal gang dubbed CryptoRom. The gang has previously targeted individuals in Asia but has now expanded its operation and is targeting dating app users in Europe and the United States.
Romance scams are nothing new of course, but they have become much more prevalent due to the increased use of dating apps, which allow scammers to interact with huge numbers of people. The scammers use dating apps and match with their victims, then engage in conversations and build trust. When the scammers feel they are trusted and have built up a relationship with their victim, they ask for money.
Various reasons are provided as to why money is required. Oftentimes, money is needed to cover the cost of travel for a date or to help ease temporary financial difficulties. It is now common for scammers to offer their victims an exclusive opportunity to invest in cryptocurrency or stocks as a way to quickly make money.
During the pandemic, when many single people were prevented from meeting and dating, dating sites provided an opportunity to virtually engage with others, and scammers upped their game. Interpol issued an alert in January this year warning of a rise in romance scams.
Romance scams are big business. The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) received 23,751 complaints about romance scams in 2020 involving losses of $600,249,821. That made romance scams/confidence fraud the second biggest cause of losses to cybercrime in 2020.
According to Sophos, the CryptoRom gang’s cryptocurrency wallet contains almost $1.4 million in cryptocurrency, which Sophos believes has been stolen from victims of romance scams. That is just one wallet. It is possible that multiple wallets are being used by the gang.
The CryptoRom gang targets iPhone users of dating apps such as Tinder and Bumble. Victims are asked to download a fake cryptocurrency trading app from a website that has been made to look like a legitimate app store. Once the app has been downloaded, victims are asked to purchase cryptocurrency through Binance and transfer funds to a wallet using the fake app.
Initially, it appears that the victims are making a good return, but if they ask for their money back or attempt to withdraw the funds, the request is refused. All money paid to the gang is lost and the losses can be considerable. One victim in the United Kingdom lost £63,000 ($87,000) to the scam, and there have been reports of other individuals losing more than £20,000 ($25,000).
Sophos says, “Any ‘trades’ and ‘profits’ reported by the app are imaginary; if you are ever allowed to withdraw any of your ‘profits’ in order to build up trust, the crooks will simply give you a tiny bit of your own money back; and when you want to cash out your ‘investment,’ you realize that it’s all smoke and mirrors.”
However, that is not the only scam being conducted. The fake apps used by the gang are also capable of data theft and can allow accounts to be compromised and emptied. The malicious apps are also capable of installing and executing other malicious payloads.
Malicious apps such as fake cryptocurrency trading apps are usually identified as such and do not make it past the Apple App Store’s vetting process; however, the scammers are bypassing the review process by exploiting a loophole in the Apple Developer Program and Enterprise Signatures.
Enterprise mobile device management (MDM) programs are used to control corporate-owned iOS devices via Apple’s Enterprise Developer program using the Apple Enterprise/Corporate Signature feature. This program is intended only for organizations, to give them control over employees’ corporate-issued devices. Under this program, the scammers can manage victims’ devices remotely and wipe data, block access to data, enforce locks on devices, and also install bespoke apps such as the fake cryptocurrency trading app. The bespoke apps are not subject to the App Store vetting process.
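A support desk or responder handed a configuration profile (`.mobileconfig`) that a user was asked to install can check whether it enrolls the device in MDM and which of the remote-control rights described above it requests. The following is an added example, not code from Sophos or from the article; the sample profile and its server URL are constructed, and the `AccessRights` bit values are the ones documented for Apple's MDM payload.

```python
import plistlib

# Bits of the MDM payload's AccessRights mask that match the capabilities the
# article lists (lock, wipe, profile and app installation).
RISKY_RIGHTS = {
    2: "install/remove configuration profiles",
    4: "device lock and passcode removal",
    8: "device erase",
    128: "install/remove provisioning profiles",
    4096: "manage (install/remove) apps",
}

def load_profile(raw: bytes) -> dict:
    """Parse a .mobileconfig; signed profiles wrap the XML plist in CMS."""
    start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no XML property list found")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def mdm_findings(raw: bytes) -> list:
    """Return one finding per MDM enrollment payload in the profile."""
    findings = []
    for payload in load_profile(raw).get("PayloadContent", []):
        if not isinstance(payload, dict) or payload.get("PayloadType") != "com.apple.mdm":
            continue
        rights = int(payload.get("AccessRights", 0))
        findings.append({
            "server": payload.get("ServerURL"),
            "rights": [name for bit, name in RISKY_RIGHTS.items() if rights & bit],
        })
    return findings

# Constructed sample profile (not taken from the campaign).
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Trading App Setup",
    "PayloadContent": [
        {"PayloadType": "com.apple.mdm",
         "ServerURL": "https://mdm.example.invalid/server",
         "AccessRights": 8191},
        {"PayloadType": "com.apple.webClip.managed",
         "URL": "https://example.invalid/"},
    ],
})

if __name__ == "__main__":
    for f in mdm_findings(SAMPLE):
        print(f["server"], f["rights"])
```

Any finding on a personally owned phone is a reason to stop: a profile of this kind has no place on a device that is not managed by the owner's employer or school.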