Sophos has released a new report detailing a dating app scam in which attackers have stolen millions of dollars from people using platforms such as Tinder, Bumble, Grindr, Facebook Dating, and similar apps. Scammers gain the trust of targets on the dating apps, eventually convincing them to download fake crypto apps, where the victims are tricked into investing money, after which the accounts are frozen. The scammers were able to take advantage of the Apple Developer Enterprise Program to distribute the fraudulent crypto applications pretending to be Binance and other legitimate brands. Sophos also allegedly observed the scammers using Apple’s Enterprise Signature to manage victims’ devices remotely.
According to Sophos, Apple did not respond to requests for comment. The cybersecurity firm also contacted Apple about the issue and did not receive a response. The scam has led to at least $1.4 million being stolen from victims in both the US and the EU. Attackers initially targeted victims in Asia but have since shifted geographic regions to Europe and the US. Sophos researchers were able to locate a Bitcoin wallet under the control of the attackers after one victim shared the address he initially sent the money to before being shut out. These types of attacks rely heavily on social engineering.