The campaign, which uses the Apple Developer Program and Enterprise Signatures to get past Apple’s app review process, remains active.
Pyramid-scheme cryptocurrency scammers are exploiting Apple’s Enterprise Developer Program to get bogus trading apps onto their marks’ iPhones. So far, so good: They’ve made off with at least $1.4 million in ill-gotten gains so far.
That’s according to Sophos Labs, which observed the scam making the rounds on dating sites.
“They strike up a friendship, using the dating game as a ruse, but then quickly move to money, this time in the guise of them doing you a big favor by offering you a chance to join an ‘unbeatable’ investment opportunity,” researchers said in a Wednesday posting.
That investment opportunity involves cryptocurrency trading, with the offer to invest money into cryptocoins in order to reap big profits. To lend a veneer of legitimacy, the crooks offer an “official” iPhone app, purportedly approved by Apple.
“The App Store, like Google’s Play Store equivalent for Android, is by no means immune to malware, fleeceware and other badware apps,” Sophos researchers pointed out. “But totally bogus cryptocurrency trading apps, based on totally bogus trading platforms, rarely make it through.”