Security experts have recently made a concerning discovery in the world of mobile applications – the first successful “cryptorom” scam apps to bypass Apple’s rigorous App Store vetting process. These two malicious apps, named Ace Pro and MBM_BitScan, have also been found on Google Play, but it is their presence on the typically more secure App Store that has raised red flags among users.
What makes these apps even more alarming is their ability to evade Apple’s Lockdown Mode, a feature designed to protect users from advanced social engineering tactics, as reported by Sophos. According to Jagadeesh Chandraiah, a senior threat researcher at Sophos, it is usually challenging to sneak malware past Apple’s security review process. Consequently, scammers previously had to convince users to install a configuration profile before downloading the fake trading app. However, with these apps now on the App Store, scammers have a wider pool of potential victims who inherently trust Apple’s platform.
Cryptorom scams typically start on dating sites, where scammers create fake profiles to lure victims. After establishing a relationship through unmonitored messaging apps, victims are persuaded to download the scam app and engage in crypto trading or investments. In the case of Ace Pro, scammers maintained a fake Facebook profile of a woman living a luxurious life in London to deceive users.
Sophos revealed that the malicious developers likely linked the Ace Pro app, disguised as a QR scanner, to a harmless remote website during the App Store review process. Once approved, the app redirected users to an Asia-registered domain associated with the fraudulent trading interface. Both Ace Pro and MBM_BitScan were found to connect to the same command and control (C2) infrastructure, mimicking a legitimate Japanese crypto firm.
Cryptorom scams are a variant of “pig butchering” fraud originating in Asia, combining romance-based social engineering with fake crypto-trading apps to deceive unsuspecting victims.
In conclusion, the infiltration of cryptorom scam apps into the Apple App Store highlights the evolving tactics of cybercriminals and the importance of vigilance when downloading apps from any platform. Users are advised to exercise caution and skepticism, even when using trusted app stores, to protect themselves from falling victim to such fraudulent schemes.