Apple compromised: $1.4 million vanishes in a bitcoin dating app scam

TL;DR Breakdown

• Apple’s Developer Enterprise program used to dupe unsuspecting victims.
• The bitcoin address linked to the scam has received over $139 million.

According to a new report, scammers have swindled unsuspicious victims out of a total of $1.4 million. The fraudsters lured unsuspecting individuals in Tinder through fake crypto apps. The imposters tricked users into downloading phoney online apps and siphoned funds from them using Apple’s Developer Enterprise program for distribution.

Apple uses “Super Signature” to reach potential customers. This software is the go-to tool for those seeking to steal sensitive details. Besides, it gives fraudsters easy access since they can distribute apps without Apple App Store reviews. They use an Enterprise Signature profile and a certificate.

A recent Sophos report shows that hackers have been targeting iPhone holders in a CryptoRom scam. CryptoRom is a unique virus that can lurk unnoticed on your device and steal all its information. Android and iOS variants of this scam have targeted victims all over Asia before spreading globally.

Apple’s Enterprise Program

Apple’s Enterprise Program allows the attacker to bypass their app store inspection and share fake apps. The program was just another target in a string of scams. The fraudsters have abused the signature scheme designed to help people submit their applications with ease. In addition, crooks are using enterprise certificates through remote management tools infected with malicious software programs. 

You may think that you can distribute apps signed with these certificates outside your company, but that’s not recommended. This certificate only applies to employee-only uses and should never be shared with others.

To date, the bitcoin address linked to this scam has received over $1.39 million dollars. Most of the victims are iPhone users duped into installing a Mobile Device Management profile. Thus, turning their phone into what’s called a “managed” device.

Bitcoin Scam on the Rise

In the past few months, there have been several bitcoin scams. In April, an Australian man lost $ 87,000 after falling for a crypto scammer’s love potion-like trickery.

The scammers contact you through fake profiles on Facebook and dating apps like Tinder, Bumble, and Grindr. They move the conversation to message apps to get familiar with their victims before luring them into a false sense of security.

A crypto-coin swindler will try to convince you to invest in their scheme. They tell the unsuspecting investor that they need a cryptocurrency trading app. Once they install it, the scammers convince them that they’ll make profits by investing and withdrawing from an account.

The crook will encourage you to put money into their fraudulent scheme. Once the money is in, you can’t withdraw it. Besides, they’ll advise you to invest more or pay “tax” to have your money. Yet, upon refusal, they withdraw the entire amount.