After targeting mobile users for about a year, the CryptoRom scam is again active in the wild via sideloaded apps. The latest malware campaign involves CryptoRom exploiting iOS features to bypass app approvals.
CryptoRom Scam Spread Via Sideloaded Apps
Researchers from Sophos have shared details about the latest CryptoRom scam actively targeting mobile users via sideloaded apps. Though CryptoRom isn’t a new scam, the malicious campaign has now resurfaced with improved evasive capabilities.
As elaborated in their post, CryptoRom’s early campaigns used romance-based social engineering tactics to steal money. The threat actors also targeted victims via fake financial apps. For this, the threat actors used to gain victims’ trust by first connecting via social media and dating platforms. In some cases, the attackers also exploited publicly available information to drop random WhatsApp messages, mentioning lucrative returns on fake apps.
Now, the threat actors have further improved their strategies. As observed in recent campaigns, the threat actors now bluff users with fraudulent apps while exploiting Apple’s TestFlight and WebClips features.
Briefly, the TestFlight feature allows Apple app developers to invite users to test their apps in beta. Developers can send these invitations via emails or public links. But the attackers exploit this feature to bluff Apple users. As stated in the post,
“TestFlight Signature” is available as a hosted service for alternative iOS app deployment, making it all too simple for malware authors to abuse. These third-party services are extensively abused by CryptoRom authors.
Whereas they also abuse the WebClips feature to bypass security checks.
WebClips are a mobile device management payload that adds a link to a web page directly to the iOS device’s home screen, making it look to less sophisticated users like a typical application.
The attackers running the malicious campaign have set up legit-looking web pages to trick victims.
And the attack doesn’t remain limited to iOS users only. Instead, the campaign also targets Android users via fraudulent apps.
Avoiding The Scam
After discovering the fraudulent apps, the researchers informed Apple and Google about the matter. However, since such scams may keep surfacing online now and then, the researchers advise users to remain cautious. Particularly, users should avoid sideloading apps to avoid downloading potentially dangerous stuff.
Also, the researchers urge banks and financial institutions to provide traceability for cryptocurrency transactions.
