Cybersecurity researchers have uncovered various cryptocurrency romance scams that take advantage of fraudulent apps making their way to the Apple App Store and Google Play Store.
While opening a private message request on any social media platform, there is a good chance that there will be at least one account waiting to use some kind of cryptocurrency scam to steal your funds.
Add in the idea of Valentine’s DayValentine’s Day and romance and what you have is a very volatile combination. Here’s how scammers are trying to trick victims using “cryptocurrency romance scams,” and how to spot them.
How the latest cryptocurrency romance scam works on Valentine Day?
In one scam detected by Sophos, scammers created and actively maintained a fake Facebook profile that was described as a woman living a luxurious lifestyle in London. Scammers use it to build rapport with their victims before suggesting them to download the fraudulent Ace pro app.
On the App Store, Ace Pro is described as a QR code scanner, but it is actually a fake cryptocurrency trading platform. Once users open the app, they are presented with a trading interface that makes it appear as though they can deposit, withdraw and cryptocurrencies. But as soon as they deposit any money, the money goes straight to the scammers.
Sophos researchers believe the app bypassed App Store security by connecting to remote and benign websites when it was originally submitted for review. This field contains a code for QR scanning, making it appear legitimate to the reviewer. But once the app is approved, the scammers redirect the app to a domain registered in Asia. The domain then sends requests to fetch content from another host, which ends up containing a fake transactional interface.
The MBM_BitScan app is also available on Android, but it’s called BitScan in the Google Play Store. MBM_BitScan and Ace Pro use the same backend infrastructure, similar to legitimate Japanese crypto companies. Most malicious content is hosted on a web interface, making it difficult for Google Play’s top reviewers to detect it as fraudulent.
How to spot and stay away from cryptocurrency romance scams?
One of the reasons cryptocurrency scams are so dangerous is that the wallets scammers use to process stolen cryptocurrencies from victims are difficult to find and track. Therefore, the best cure for cryptocurrencies is to prevent them from actually happening.
The adage “there’s no such thing as a free lunch” applies here. Be as skeptical as possible about strangers who approach you online. Do not click on links or download unknown apps sent to you. Also, be careful with your wallet credentials and never share your encrypted seed or seed phrase with anyone.