Scam crypto app makes it to Apple App Store


By Dylan Bushell-Embling
Thursday, 09 February, 2023

Researchers at Sophos have published details of what the company says are the first fake crypto apps to bypass Apple’s security protocols to list on the App Store.

The fake CryptoRom apps, which also made it onto the Google Play store, are designed to trick dating app users into making fake cryptocurrency investments.

Sophos Senior Threat Researcher Jagadeesh Chandraiah said when the security company first started tracking CryptoRom scams targeting iOS users, scammers were having to persuade users to first install a configuration profile before they could install the fake trading app.

“By getting an application onto the App Store, the scammers have vastly increased their potential victim pool, particularly since most users inherently trust Apple,” he said.

“Both apps are also not affected by iOS’s new Lockdown mode, which prevents scammers from loading mobile profiles helpful for social engineering. In fact, these CryptoRom scammers may be shifting their tactics — ie, focusing on bypassing the App Store review process — in light of the security features in Lockdown.”

One of the malicious apps, Ace Pro, is described in the app store as a QR code scanner. Once opened, the fraudulent crypto trading platform presents a trading interface where victims can ostensibly deposit and withdraw currency. But any deposited money is instead sent directly to scammers.

Sophos said it believes Ace Pro was able to bypass App Store security by having the app connect to a remote website with benign functionality when it was originally submitted for review. Upon approval, the app was redirected to multiple domains, which ultimately deliver the fake trading interface.

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd