Two fraudulent cryptocurrency investment applications that were able to bypass the protections put in place by Apple and Google to protect downloads from their mobile app stores have been removed, after being identified as involved in a so-called CyptoRom scam by researchers at Sophos.
In a report released today, Sophos senior threat researcher Jagadeesh Chandraiah described how the two malicious applications were likely able to sneak past the beady eyes of Apple and Google’s moderators by pretending to be something other than what they were.
The two apps, named as Ace Pro and MBM_BitScan, were both developed to be used in a CryptoRom scam, an elaborate type of financial fraud that preys on dating app users, using emotive lures to ensnare their victims and trick them into making fake cryptocurrency investments.
The appearance of the apps in Apple and Google’s store windows is a notable occurrence, he explained, because this is a feat that is usually quite hard to accomplish.
“In general, it’s hard to get malware past the security review process in the Apple App Store,” said Chandriah. “That’s why, when we originally began investigating CryptoRom scams targeting iOS users, the scammers would have to persuade users to first install a configuration profile before they could install the fake trading app.
“This obviously involves an additional level of social engineering – a level that’s hard to surmount,” he added. “Many potential victims would…
