Hackers used Tinder to break into iPhones, stealing $1.4M Bitcoin
Yet another group of ingenious hackers has recently been discovered by cybersecurity firm Sophos, executing quite an elaborate scam on an international level. The scammers have been siphoning hundreds of thousands of dollars from unsuspecting victims via the most unlikely of means: dating apps. By the time they were discovered, they'd already pilfered $1.4 million—all in the form of Bitcoins.
The identities of the scammers and where the attacks originated from remain unknown, but Sophos was able to uncover their digital stash, which contained all the illegally accumulated wealth directed into a single (and jam-packed) Bitcoin wallet. Sophos has named the scheme "CryptoRom," and it was a show of a truly impressive level of skill in both programming and social engineering.
CryptoRom's victims were all iPhone owners
Although Apple has always touted its prioritization of top-notch security within its ecosystem, we all know that complete immunity is not only impossible, but often not the case, even with iPhones.
And recently, over and over we've been hearing of cases where the iPhone's security safeguards ultimately failed their users—with the most recent discovery being an iOS 15 bug that leaves your phone vulnerable to being wiped remotely.
The hackers got into victims' iPhones via the Enterprise Signature system meant for developers
The victims from whom CryptoRom stole $1.4 million were all iPhone owners, and the hackers took advantage of the Enterprise Signature system particular to iPhones. Essentially, this system gives developers the ability to perform testing on new iPhone apps before submitting them to Apple for approval.
Apparently, the Enterprise Signature was also a hidden backdoor allowing illegal access to personal devices, which could be (and was) exploited by malicious actors.
First, the attackers created fake Bitcoin trading apps. Then, they made fake online dating profiles
What makes the scam so elaborate is that it is highly intricate not only on a software level, but also on a social level. First, the CryptoRom perpetrators created fake Bitcoin trading apps, all of which funneled any money that went through them into a single Bitcoin wallet, likely owned by the mastermind behind it all.
Then, the scammers made a number of fake online profiles on dating apps such as Tinder and Bumble. Once they connected with someone, they committed to the fake relationship until they could convince their victims that they were making a lot of money off of the shady Bitcoin trading apps.
The facade was maintained until finally, they got the person on the other end to also invest a certain amount into said app. Of course, once that was done, the money went straight into the scammers' Bitcoin wallet. However, that's not where the damage stopped.
The victims lost their money, and their iPhones (essentially)
Not only did this cost the victim a few hefty dollars—maybe hundreds, or thousands—but it also gave the attackers uninhibited access into their iPhone and all kinds of personal data. "With their fake crypto-trading apps, [the attackers could] gain remote management control over their devices," reported Sophos in a statement last week (via Business Insider).
While the scam first began spreading in Asia, it was quite successful and eventually made its way to international victims in the United States and Europe. And all of its profits were made off the backs of unsuspecting dating app users, leveraging the rising hype around cryptocurrency to essentially catfish their victims into unwittingly giving up both their money and privacy.
Did Apple allow these scam cryptocurrency apps into the App Store?
Because Apple continues to fight against the idea of allowing the downloading of apps from anywhere but the official App Store, there seems little reason to believe anything other than that these fake Bitcoin trading apps had, in fact, been approved by Apple to be published in the App Store.
Currently, unlike on Android, app sideloading is still an impossibility on iOS (although legal battles may be putting an end to that soon), which puts Apple in serious hot water for allowing such a horrible scheme to take place, and for letting it go unnoticed for such a long period of time.
Although Apple has certainly always focused on privacy much more than competing companies, it seems that the illusion of perfect protection within Apple's ecosystem is slowly beginning to crumble, as incidents like this keep happening.
Neither the pernicious apps nor the scammers have been named by Sophos, and we must assume that the applications have since been removed from the App Store. No part of this issue has been addressed by the company as of yet.