CryptoRom is a romance-centered approach to financial fraud and a form of what is also known as “pig butchering” or “sha zhu pan” (杀猪盘, literally “pig butchering plate”). This type of fraud uses social engineering in combination with counterfeit financial applications and websites to ensnare victims and steal their money. For the past two years, we’ve researched such scams, and have examined ways that their operators have evaded Apple’s security checks by avoiding the app store and using ad-hoc methods to drop malicious applications onto victims’ phones.

Recently, we discovered CryptoRom apps that defeated Apple’s and Google’s app-store security review processes, making their way into the official stores. Victims of the scam alerted us to the applications and shared details of the criminal operations behind them. In the process of researching the applications, we found other apps and uncovered information about the organizations behind these scam operations.

In both cases, victims were approached through dating applications (Facebook and Tinder). They were then asked to move their conversation to WhatsApp, where they were eventually lured into downloading the apps discussed in this report. While the highly developed profiles and backstories used to lure the victims into trusting the guidance provided by the criminals set the table for these scams, the ability to publish the apps used in these schemes in the official stores significantly contributed to their perceived credibility in the eyes of victims.

Both Apple and Google have been notified about these apps. Apple’s security team promptly removed them from that app store. Google recently removed the app we reported from the Play store as well.

In the first case we investigated, the victim was based in Switzerland. The target met his “potential partner,” a person or persons who used a profile of a woman purportedly based in London, through Facebook Dating.