Tinder, grinder or pump, a new type of cryptocurrency fraud

Experts at computer security firm Sophos named it “Cryptorome” because it is a bizarre combination of two components: cryptocurrency scams and dating applications. A New reportReleased on Wednesday, October 13th, it highlights sophisticated methods of extorting money, especially relying on misused victimized applications.

According to various victim cases investigated by Sophos, hackers who lend themselves to this type of fraud often go through dating apps like Grinder, Tinder or Bumble. The first relationship was established between the fraudster and his target, during which, according to the report, the hacker first tried to move the conversation to a news app like WhatsApp. Then, during the transaction, the fraudsters then try to persuade their victims to establish an application to invest in cryptocurrencies. And this scam is very sophisticated.

Awareness of Outsmart Apple

In fact, most of the victims identified by Sophos used an iPhone, and it is considered that the environment of Apple phones is very closed, which greatly controls the risk of downloading infected apps. The company uses programs that authorize developers to distribute their applications in the App Store (iOS Application Store) – or not. In principle, therefore, if you do not “break” the operating system of an iPhone, it is not possible to install the software without going to this platform, where distributed programs are analyzed to ensure that they do not contain any viruses.

But the hackers who carry out these scams have used many methods to deceive these security measures and succeed in “signing” the malware, i.e., authenticate them with iOS, so get permission to install them there.

One of these methods, Called Super Manuscript, The application test program provided by Apple to allow exploitation and hijacking to install untested software on a limited number of devices. The second, which works in a somewhat similar style, still relies on the certificates used to install an application on many devices. As Sophos points out, there are business services that sell signatures that hackers can buy to install fraudulent processors on the iPhone. Once these signatures are obtained, fraudsters should take the victims to a webpage that looks like the App Store and encourage them to download their fake investment applications.

Victims in France

The company points out in its report that the spectrum of action of fraudsters using these methods is much broader than initially estimated. In an initial release in May, Sophos estimated that the victims were mainly in Asia, but has since found targets in Europe, especially in France, Hungary and the United Kingdom and the United States. The campaign identified by Sophos is lucrative: one of the bitcoin wallets used by hackers received nearly $ 1.4 million in installments.

Once pseudo-applications are installed, for some as real trading and investment software, dedicated to cryptocurrencies, but not forex or traditional stock transactions. The first payment is forced, the victims are attracted to the first profit, they can pay for it. Then they are encouraged to extort large sums by thieves, which, for their part, will never be redeemed.