OXFORD, U.K.  — 三月 16, 2022 —

Sophos, a global leader in next-generation cybersecurity, has released new insight into an international cryptocurrency trading scam called CryptoRom that targets iPhone and Android users through popular dating apps, such as Bumble and Tinder. The new research, “CryptoRom Swindlers Continue to Target Vulnerable iPhone/Android Users,” is based on first hand stories and content shared with Sophos by victims of the scam who got in touch after seeing Sophos’ previous reports on CryptoRom.

In the new research, Sophos reports that when victims tried to withdraw their investments from one of the fake trading schemes, their accounts were frozen and were charged up to hundreds of thousands of dollars in fake “profit tax” to regain access. According to Sophos, the CryptoRom operation is increasingly well-organised and sophisticated and targets victims all over the world.

Escalating Costs

In one case shared with Sophos, a victim was charged $625,000 to regain access to the $1 million they’d invested in a fake crypto-trading scheme recommended by someone they’d met on an online dating platform. The dating “friend” then claimed to have invested some of their own money to bring their joint stake up to $4 million. According to the scammers, their investment made a profit of $3.13 million, and they were liable for a 20% profit tax, or $625,000, if they wanted to access their account to withdraw funds. In fact, neither the co-investment nor the profits were real, and the online “friend” was part of the scam.

“The CryptoRom scam is romance-centered financial fraud that relies heavily on social engineering at almost every stage,” said Jagadeesh Chandraiah, senior threat researcher at Sophos. “The scammers attract targets through fake profiles on legitimate dating sites and then then try to persuade the target to install and invest in a fake cryptocurrency trading app. The apps are usually installed as web clips and are designed to closely resemble legitimate, trusted apps.

“According to victims of this scam who contacted us after our earlier articles, the 20% ‘profit tax’ is only mentioned when they try to withdraw their funds or close the account. Victims who struggle to pay the tax are offered a loan. There are even fake websites that promise to help people recover their funds if they’ve been scammed. In short, whichever path the increasingly desperate victims go down to try to get their money back, the scammers are there waiting for them. People tell us they have lost a lifetime’s savings or their retirement funds to the scam.”

The Sophos research also found a few cases where the CryptoRom operators had approached targets directly via WhatsApp and SMS messages, probably using stolen information.

New Technical Features

Sophos’ research also details new technical aspects of the CryptoRom operation. For instance, according to Sophos, the fraudsters are misusing Apple’s TestFlight feature that allows for a limited group of people to install and trial a new iOS app and go through a less stringent Apple review process. During 2021, Sophos researchers observed CryptoRom misusing the iOS Super Signature and Apple’s Enterprise Program for the same purpose.

Sophos researchers also found that all the CryptoRom-related websites used by the fraudsters had very similar backend structure and content and that only the brand names, icons and URLs were different. Sophos believes this may enable the scammers to quickly change the websites they use for the scams when one of them is detected and shut down.

Staying Safe - An Industry Issue

“It is deeply worrying that people continue to fall for these criminal schemes, particularly since the use of foreign transactions and unregulated cryptocurrency markets mean that victims have no legal protection for the funds they invest,” said Chandraiah. “This is an industry wide issue that is not going away. We need a collective response that includes traceability of cryptocurrency transactions, warning users about these scams and quickly detecting and removing the fake profiles that enable this kind of fraud.”

For more information, please read the article “CryptoRom Swindlers Continue to Target Vulnerable iPhone/Android Users.”

Sophos has published previous research into CryptoRom and other crypto-trading and financial fraud. Sophos has also published reports on other cyberthreats facing consumers and home users, including “fleeceware” where users are severely overcharged for mobile application services.

关于 Sophos

Sophos 是全球领先的网络安全公司,凭借其人工智能驱动的平台和专家主导的服务,保护着全球 60 万家组织的安全。Sophos 根据各组织在不同安全成熟度的各式各样的需求提供支持,并与其共同成长,携手应对日益严峻的网络攻击。其解决方案结合机器学习、自动化、实时威胁情报以及来自 Sophos X-Ops 的前线真人专家的专业知识,提供 24/7 全天候高级威胁监控、侦测与响应服务。
Sophos 提供行业领先的托管式侦测与响应 (MDR) 服务,同时配备一整套全面的网络安全技术组合,包括端点、网络、电子邮件和云安全、扩展式侦测与响应 (XDR)、身份辨识威胁侦测与响应 (ITDR),以及下一代 SIEM。结合专家咨询服务,这些能力帮助组织主动降低风险,并更迅速地响应,提供力求在不断变化的威胁面前保持领先所需的可见性和可扩展性。
Sophos 通过全球合作伙伴生态系统进入市场,包括托管式服务提供商 (MSPs)、托管式安全服务提供商 (MSSPs)、经销商、分销商、市场集成商以及网络风险合作伙伴,为组织提供灵活的选择,使其能够在保护业务安全的同时建立值得信赖的合作关系。  Sophos 总部位于英国牛津。如欲了解更多信息,请访问 www.sophos.cn。