Scammers are taking over iPhones using a new hack.
A new iPhone fraud takes advantage of social engineering to steal millions of dollars from users of dating apps like Bumble and Tinder, as well as a system that assists developers in creating new iOS apps.
The scheme was called "CryptoRom" by cyber security firm Sophos, whose analysts discovered a $1.4 million bitcoin wallet where the attackers were funneling their victims' money.
According to Sophos, the scammers have developed the capacity to remotely take control of victim iPhones using a variant of the CryptoRom assault called "Enterprise Signature." This is a technique that allows businesses to test new iPhone applications with a select group of users before submitting them to the Apple App Store.
“Attackers can target larger groups of iPhone users with their bogus crypto-trading apps and get remote management control over their devices using the Enterprise Signature system's functionality,” Sophos warned in a statement.
"This indicates that the attackers may be able to do more than merely take victims' cryptocurrency assets. For example, they could acquire personal information, create and delete accounts, and install and manage apps for harmful purposes."
According to Sophos, the scam began in Asia and has since spread to the United States and Europe via Bumble and Tinder.
Jagadeesh Chandraiah, the company's lead security researcher, said the danger relies heavily on social engineering at practically every stage.
"First, the perpetrators create convincing false profiles on reputable dating websites. The attackers propose extending the conversation on a messaging platform once they've made contact with a target," Chandraiah added.
"After that, they try to persuade the target to download and invest in a phony bitcoin trading software." The profits appear to be quite good at first, but when the victim asks for their money back or tries to access the funds, they are turned down, and the funds are gone. According to our study, the scammers are making millions of dollars with this scheme."
Scammers used to distribute fraudulent crypto currency trading apps using false websites that looked like a trusted bank or the Apple App Store, according to Chandraiah.
"The addition of the iOS enterprise developer system increases the risk for victims since they may be turning over control of their device and the potential to steal their personal data to attackers," he warned.
"Iphone users should only install apps from Apple's App Store to prevent falling victim to these types of frauds." The golden rule is to avoid anything that appears unsafe or too good to be true, such as someone you don't know informing you about a "wonderful" internet investment program that would make you a lot of money.
Content created and supplied by: Newsflash (via Opera News )
Opera News is a free to use platform and the views and opinions expressed herein are solely those of the author and do not represent, reflect or express the views of Opera News. Any/all written content and images displayed are provided by the blogger/author, appear herein as submitted by the blogger/author and are unedited by Opera News. Opera News does not consent to nor does it condone the posting of any content that violates the rights (including the copyrights) of any third party, nor content that may malign, inter alia, any religion, ethnic group, organization, gender, company, or individual. Opera News furthermore does not condone the use of our platform for the purposes encouraging/endorsing hate speech, violation of human rights and/or utterances of a defamatory nature. If the content contained herein violates any of your rights, including those of copyright, and/or violates any the above mentioned factors, you are requested to immediately notify us using via the following email address operanews-external(at)opera.com and/or report the article using the available reporting functionality built into our Platform See More