A new iPhone scam uses social engineering, along with a system that helps developers build new iOS apps, to rake in millions from users of dating apps such as Bumble and Tinder.

According to Sophos, the scammers have acquired the ability to take over victim iPhones remotely in a version of the CryptoRom attack where they leverage “Enterprise Signature”. This is a system that helps organisations to pretest new iPhone applications with selected users before they are submitted to the Apple App Store for review and approval.

The scam was dubbed “CryptoRom” by cyber security firm Sophos, whose researchers uncovered a $1.4m bitcoin wallet to which the group of attackers were funnelling the money of their victims.

“With the functionality of the Enterprise Signature system, attackers can target larger groups of iPhone users with their fake crypto-trading apps and gain remote management control over their devices,” Sophos said in a statement.

Sophos said the scam started in Asia but has broadened its victim base to the US and Europe using Bumble and Tinder.

“This means the attackers could potentially do more than just steal cryptocurrency investments from victims. They could also, for instance, collect personal data, add and remove accounts, and install and manage apps for other malicious purposes.”

The company’s senior threat researcher, Jagadeesh Chandraiah, said the threat relies heavily on social engineering at almost every stage.

“First, the attackers post…
