New 'Tinder Scammer' Is Called CryptoROM and Steals Thousands of Dollars

A victim was charged $625,000 to regain access to the million she had invested in a fake cryptocurrency exchange scheme


Sophos revealed an international cryptocurrency exchange scam called CryptoROM that targets Android and iPhone users via popular dating apps like Bumble and Tinder.

The new investigation, “CryptoROM scammers continue to target vulnerable iPhone/Android users”, is based on first-person accounts that victims of the scam shared with Sophos when they contacted the company after reading its earlier reports on CryptoROM.

In the new investigation, the company reports that when victims tried to withdraw their investments from one of the fraudulent trading programs, their accounts were frozen and they were charged up to hundreds of thousands of dollars in fake “income taxes” to regain access.

A worrying, growing number of scams

In a case shared with Sophos, a victim was charged $625,000 to regain access to millions of dollars she invested in fake crypto trading, on the recommendation of someone she met on an online dating platform.

The so-called 'friend' later claimed to have invested part of his own money to bring their joint investment to $4 million.

According to the scammers, their investment is $3.13 million and they have to pay a 20% income tax, or $625,000, if they want to access their account to withdraw the money. In fact, neither the venture nor the interest is real, and the online 'friend' is part of the scam.

Bumble and Tinder, the apps used for the international CryptoRom scam that has stolen hundreds of thousands of dollars in cryptocurrency. (photo: La Tercera)

“The CryptoROM scam is a romance-focused financial fraud that relies heavily on social engineering at almost every stage,” says Jagadeesh Chandraiah, Sophos senior threat investigator.

“Scammers lure targets through fake profiles on legitimate dating sites and then try to persuade them to install and invest in a fake cryptocurrency trading app. Applications are often installed as web clips and are designed to look a lot like legitimate and trusted applications,” he adds.

Chandraiah also explains that, according to the victims of this scam who contacted Sophos after its previous articles, the 20% 'profit tax' is only mentioned when they try to withdraw their funds or close the account.

“Victims who have difficulty paying the tax are offered a loan. There are even fake websites that promise to help people recover their funds if they have been scammed. In short, whatever path the increasingly desperate victims take to try to recover their money, there are the scammers waiting for them. People affected tell us that they have lost their life savings or retirement funds because of this scam,” he concludes.

The investigation also discovered instances in which CryptoROM operators directly reached their victims via WhatsApp and text messages, potentially using stolen information.

Cryptocurrencies. (photo: ITWeb)

CryptoROM has new technical features: this is how it works

Sophos research also details new technical aspects of how CryptoROM works. For example, scammers abuse Apple's TestFlight feature, which allows a limited group of people to install and test a new iOS app and is subject to a less rigorous review process than Apple's regular review.

In 2021, Sophos researchers observed that CryptoROM leveraged iOS's Super Signature system and Apple's enterprise program for this purpose.

TestFlight. (photo: iPadizate)

Researchers have also found that all CryptoROM-related websites used by scammers have a very similar back-end (the logic layer of a website) structure and content; only the branding, logos, icon and URL are different.

All of the above could allow scammers to quickly change the sites they use for phishing when a site is discovered and shut down.

Staying Safe: A Challenge in the Cybersecurity Industry

“It is very worrying that people continue to fall for these criminal schemes, not least because the use of foreign transactions and unregulated cryptocurrency markets means that victims do not have legal protection over the funds they invest,” Chandraiah said, adding, “This is an industry-wide problem that is not going to disappear. We need a collective response that includes traceability of cryptocurrency transactions, warning users about these scams, and rapid detection and deletion of fake profiles that allow this type of fraud.”

Sophos has published previous research on CryptoROM and other cryptocurrency trading and financial fraud. The company has also published reports on other cyber threats faced by consumers and end users, such as 'fleeceware', where users face additional costs for mobile application services.

Finally, Sophos recommends that iPhone users only install apps through the Apple App Store, and that Android users likewise install apps only from the Google Play Store. In addition, all users should consider installing security solutions on their mobile devices, as well as on their computers and home devices, such as Intercept X for Mobile and Sophos Home.
