CryptoRom Bitcoin swindlers continue to target vulnerable iPhone and Android users

An illustration of Bitcoin with a financial value graph
(Image credit: eToro)

Cybersecurity researchers from Sophos have revealed a new fraud campaign that involves catfishing on social media, a few fake apps, and a whole lot of cryptocurrency.

The premise is simple - a fraudster will create a fake identity (mostly female) on popular social media and dating sites, find gullible victims, and take them for all they’ve got. 

After exchanging numerous messages and gaining their trust, the attackers will persuade the victims into jointly “investing” in cryptocurrencies, on imitations of popular trading apps. In one such instance, the attackers created RobinHand, a fraudulent version of the popular RobinHood trading platform.

TechRadar needs yo...

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Romance-based money scams are as old as time itself, but many have recently been updated with the proliferation of cryptocurrencies.

Distributing iOS apps

Sophos notes that the criminals were able to distribute these apps even on iOS, by abusing Apple’s “Super Signature” application distribution scheme, as well as TestFlight (a feature used to test “beta” versions of apps before they make it to the actual repository).

The “jointly investing” part is also a trick. As the fraudsters operate the app’s backend, they are able to show the victim’s account as having any amount of money, deepening their trust. However, the victim can never withdraw the money - it’s permanently lost.

The rabbit hole goes even deeper. Once the victim tries to withdraw the funds, and sees that they cannot do that, the fraudsters will suggest they reach out to “customer support”, where they’ll be told to pay 20% “tax” to withdraw the funds, taking every last penny out of their accounts. Those that deny will get a little “nudge” - their love interest will offer to “lend” a part of the tax funds.

The whole operation, dubbed CryptoRom, first targeted the Chinese-speaking community, but as of late, has been expanding globally, Sophos says. 

“These scams are well-organized, and skilled in identifying and exploiting vulnerable users based on their situation, interests, and level of technical ability. Those who get pulled into the scam have lost tens of thousands of dollars,” the report concludes. 

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.