Recently, the security team at Sophos says they discovered CryptoRom apps that defeated Apple’s and Google’s app-store security review processes, making their way into the official stores.
This type of fraud uses social engineering in combination with counterfeit financial applications and websites to ensnare victims and steal their money.
Victims of the scam alerted Sophos to the applications and shared details of the criminal operations behind them. In the process of researching the applications, Sophos says it found other apps and uncovered information about the organizations behind these scam operations.
According to Sophos, in both cases, victims were approached through dating applications (Facebook and Tinder). They were then asked to move their conversation to WhatsApp, where they were eventually lured into downloading the apps discussed in this report.
“While the highly developed profiles and backstories used to lure the victims into trusting the guidance provided by the criminals set the table for these scams, the ability to publish the apps used in these schemes in the official stores significantly contributed to their perceived credibility in the eyes of victims,” says Sophos.
The security team says that both Apple and Google have been notified about these apps. Apple’s security team promptly removed them from that app store; Google recently removed the app from the Play store as well.
Article provided with permission from AppleWorld.Today
