Close Menu
  • Home
  • News
  • Politics
  • Health
  • Business
  • Education
  • Opinion
  • Lifestyle
  • Entertainment
Facebook X (Twitter) Instagram
The Meridian Spy
  • Home
  • News
  • Politics
  • Health
  • Business
  • Education
  • Opinion
  • Lifestyle
  • Entertainment
The Meridian Spy
Home»Lifestyle»Sophos reveals Fake Crypto apps on Apple store
Lifestyle

Sophos reveals Fake Crypto apps on Apple store

meridianspyBy meridianspyFebruary 3, 2023No Comments3 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Share
Facebook Twitter LinkedIn Pinterest Email
Share
    

Share!

  • Share
  • Tweet

Cybersecurity firm, Sophos, has released new findings on CryptoRom scams, an elaborate financial fraud schemes that prey on and trick dating app users into making fake cryptocurrency investments.

Sophos in its latest report, “Fraudulent Trading Apps Sneak into Apple and Google App Stores,” claimed that the first fake CryptoRom apps —Ace Pro and MBM BitScan, successfully bypass Apple’s strict security protocols.

According to it, previously, cybercriminals used workaround techniques to convince victims to download illegitimate iPhone apps that were not sanctioned by the Apple App Store.

On this, Sophos said it immediately notified Apple and Google and that both have since removed the fraudulent apps from their respective stores.

Senior Threat Researcher, Sophos, Jagadeesh Chandraiah, said: “In general, it’s hard to get malware past the security review process in the Apple App Store. That’s why, when we originally began investigating CryptoRom scams targeting iOS users, the scammers would have to persuade users to first install a configuration profile before they could install the fake trading app.

“This obviously involves an additional level of social engineering—a level that’s hard to surmount. Many potential victims would be ‘alerted’ that something wasn’t right when they couldn’t directly download a supposedly legitimate app. By getting an application onto the App Store, the scammers have vastly increased their potential victim pool, particularly, since most users inherently trust Apple.”

Chandraiah added: “Both apps are also not affected by iOS’ new Lockdown mode, which prevents scammers from loading mobile profiles helpful for social engineering. In fact, these CryptoRom scammers may be shifting their tactics—i.e., focusing on bypassing the App Store review process—in light of the security features in Lockdown.”

He explained that to lure the victim, who was conned with Ace Pro, for instance, the scammers created and actively maintained a fake Facebook profile and persona of a woman supposedly living a lavish lifestyle in London.

“After building a rapport with the victim, the scammers suggested the victim download the fraudulent Ace Pro app and the cryptocurrency fraud unfolded from there.

“Ace Pro is described in the app store as a QR code scanner but is a fraudulent crypto trading platform. Once opened, users see a trading interface where they can supposedly deposit and withdraw currency. However, any money deposited goes directly to the scammers,” he stressed.

In order to get past App Store security, Sophos believes the scammers had the app connect to a remote website with benign functionality when it was originally submitted for review.

The domain included code for QR scanning to make it look legitimate to app reviewers. However, once the app was approved, the scammers redirected the app to an Asian-registered domain. This domain sends a request that responds with content from another host that ultimately delivers the fake trading interface.

According to Sophos, MBM_BitScan is also an app for Android, but it is known as BitScan on Google Play. The report said two apps communicate with the same Command and Control (C2) infrastructure; this C2 infrastructure then communicates with a server that resembles a legitimate Japanese crypto firm. Everything else that is malicious is handled in a web interface, which is why it is hard for Google Play’s code reviewers to detect it as fraudulent.

Share this:

  • Share on WhatsApp (Opens in new window) WhatsApp
  • Tweet

No related posts.

app Store Sophos
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
meridianspy

Related Posts

Speaker Abbas Returns Unopposed As APC Candidate For Zaria Constituency 

May 16, 2026

Man Whose 6 Children, Wife Were Killed in Kano Months Ago Set to Remarry 

April 19, 2026

NBC warns anchors against bullying guests, denying fair hearing

April 18, 2026
Search
Recent Posts
  • Peter Obi is a Social Media Presidential Candidate, His Followers Uncouth – Kenneth Okonkwo
  • Presidency Breaks Silence on Alleged Fake Agency Scandal
  • NDC Secures INEC Portal Access Despite Court Cas
  • Ebola: Experts Warn Nigerians Against Spreading Misinformation
  • CBN Revokes Licences of 46 Microfinance Banks
  • FG Unveils 14 Funding, Skills, and Enterprise Opportunities for Nigerian Youths
  • Abia Qualifies for $500,000 World Bank-Backed Governance Grant
  • Troops Rescue Six Kidnap Victims in Katsina
  • US Supreme Court Upholds Birthright Citizenship, Rejects Trump’s Restriction Bid
  • State Police: Nigeria Must Choose Between Reform and Rising Insecurity — Jude Imagwe
  • South Africa deploys police as anti-migrant protests loom
  • Five-month crude exports fetch Nigeria N20tn
  • FG Urges Marketers to Cut Fuel Costs as Oil Falls
  • 16-Year-Old Girl Emerges Nigeria’s Youngest Chartered Accountant
  • High Court Gives INEC 72 Hours to Register ADA
Categories
  • Business
  • Education
  • Entertainment
  • Foreign
  • Health
  • Investigations
  • Lifestyle
  • News
  • Opinion
  • Politics
  • Sport
Access Bank DiamondXtra Season 16 Rewards
  • About us
  • Contact Us
  • News
  • Politics
  • Health
© 2026 All Right Reserved. Designed by Techjuno

Type above and press Enter to search. Press Esc to cancel.