CryptoRom Scam Steals More Than $1.3 Million Through Dating Apps

Dating apps have social uses, but some of the interactions that take place on the apps might involve a malicious party. Scams occur occasionally on these types of apps. You can find fake accounts that often look to expose people’s privacy. The CryptoRom scam is one of the more recent scams that use crypto to lure people in.

The CryptoRom scam involves using loopholes in Apple’s Developer Enterprise Program to create apps that can bypass App Store guidelines. These malicious apps replicate some of the biggest crypto exchanges we know today including Kraken. The enterprise program has been notorious for allowing these apps to pull off various scams. Sophos is one cybersecurity company that has brought these scams to light.

The Apple Enterprise Program is a program intended for businesses to build and test out apps. The program is only meant to have these businesses test out the app internally with employees. It’s a much less strict process than having an app approved on the App Store.

To be eligible for the program, the company must be legit and must consist of 100 employees or more. So, small businesses like DBAs aren't eligible. If a business is accepted into the program, it costs $299 per year for a membership and the entity will receive a license.

There's also Apple’s ad hoc distribution, which is a method that can be a loophole for scammers. The ad hoc distribution allows users to distribute their developing app to a small number of people, which also bypasses many guidelines that apps in the App Store have to follow.

Scammers have found ways to abuse the privileges that come with the enterprise program, especially with the app not being on the App Store. The membership allows these app developers to create apps that can bypass permissions, breach users' privacy, and use illegal tactics within the apps. The program has been misused for multiple years. There have been some members that sell their enterprise program accounts to others, while other people are approached in potentially selling theirs.

In February 2019, Reuters reported that some Apple Enterprise members were distributing the app to the general public instead of employees. Other program abusers would create applications like streaming apps, that bypassed in-app software such as advertisements and in-app purchases that link back to Apple. As a result, fraudulent apps and software that solicit adult content or fake financial schemes have been an issue for victims.

It hasn’t just been small or fraudulent businesses that have gotten their licenses revoked. Facebook and Google had their certificates taken away before. The two companies were reportedly caught violating the program’s app distribution policy.

Sophos says that the scam first starts on popular dating apps like Tinder, Bumble, Facebook Dating, and Grindr. The malicious entity then persuades the victim to continue the conversation on a messaging platform. WhatsApp is a common app.

The malicious party will then ask the victim to download a fake investing or trading app. In many cases, the app will resemble a popular crypto trading app like Binance or Bitfinex. Because Apple Enterprise apps aren't on the App Store, the victim will be guided to visit a website that resembles the application marketplace.

When the app is being downloaded from the website, the victim will have to give permission to trust the app. At that point, the target's information is exposed. The scammer will then ask the victim to make an investment, and the victim will see a profit from that investment.

The profit is used to persuade the victim into investing even more by sending money to a crypto wallet address. When the person wants to withdraw their profits, the account is locked. Sophos reported that one crypto wallet address involved with the CryptoRom scam received over $1.39 million in transfers. Sophos reported the findings to Apple, but currently hasn't received a response.