Hackers have stolen at least $1.4 million from a number of people through CryptoRom attacks that combine social media, dating apps, cryptocurrency and abuse of Apple's Business developer program, according to a report from AppleInsider.
The scam has been around for about six months and Apple's iOS platform is the target, says the report. The scammers' modus operandi starts with gaining the target's trust via social media or dating apps. After that, the victim is tricked into installing a modified version of a cryptocurrency exchange app through a website that resembles the Apple App Store, from where they are tempted to invest, and the target is asked to download a Mobile Device Management profile. After that, the scammers cheat victims out of cash, the report adds.
One victim lost approximately $87,000 in this scam, with losses of $45,000 and $25,000 also reported by others, according to a report by Sophos. Cybersecurity researchers have found a Bitcoin address to which just under $1.4 million has been transferred. Given that it is a single address and the scammers could be using many more, the amount of money stolen could be higher.
“When returning to the fake App Store website, the unsuspecting user is prompted to download an app that is signed with a certificate that is linked to the Mobile Device Management profile, either via the Apple Enterprise deployment or the Super Signature Distribution method. The app in question is a fake version of the Bitfinex cryptocurrency trading application,” the report said.
The report adds, “The victim is then convinced to make a small investment in a cryptocurrency as a proof of concept and is allowed to withdraw the profits. When a larger deposit is made, the victim realizes that it cannot be withdrawn and is told by the attacker that they either simply withdraw the money themselves, that more needs to be invested, or that a tax needs to be paid to withdraw the money.”
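For defenders triaging a suspect iOS app, both distribution routes named in the report leave a marker in the app bundle's `embedded.mobileprovision` file. The following is an added example, not code from AppleInsider or Sophos; it assumes Super Signature builds carry an ad hoc profile listing device UDIDs, and the sample profiles, team names and UDID are constructed.

```python
import plistlib

def extract_plist(blob: bytes) -> dict:
    """Return the XML plist embedded in a CMS-signed embedded.mobileprovision."""
    start, end = blob.find(b"<?xml"), blob.find(b"</plist>")
    if start < 0 or end < start:
        raise ValueError("no provisioning plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def classify(profile: dict) -> str:
    """Map provisioning-profile keys to a distribution channel."""
    if profile.get("ProvisionsAllDevices") is True:
        return "enterprise"            # in-house profile: runs on any device
    if profile.get("ProvisionedDevices"):
        debug = profile.get("Entitlements", {}).get("get-task-allow", False)
        return "development" if debug else "ad-hoc"   # tied to listed UDIDs
    return "app-store"

def triage(blob: bytes) -> dict:
    """Summarise how the app was distributed and whether it needs a closer look."""
    profile = extract_plist(blob)
    kind = classify(profile)
    return {
        "channel": kind,
        "team": profile.get("TeamName", "unknown"),
        "device_count": len(profile.get("ProvisionedDevices", [])),
        # Enterprise and ad hoc builds never went through App Store review.
        "needs_review": kind in ("enterprise", "ad-hoc"),
    }

def _wrap(profile: dict) -> bytes:
    # Constructed stand-in for the CMS envelope around the plist.
    return b"\x30\x82" + b"CMS" + plistlib.dumps(profile) + b"SIG"

# Constructed sample profiles (team names and UDID are made up).
ENTERPRISE_SAMPLE = _wrap({"TeamName": "Example Holdings Ltd",
                           "ProvisionsAllDevices": True,
                           "Entitlements": {"get-task-allow": False}})
ADHOC_SAMPLE = _wrap({"TeamName": "Example Dev",
                      "ProvisionedDevices": ["00008030-CONSTRUCTED-UDID"],
                      "Entitlements": {"get-task-allow": False}})

if __name__ == "__main__":
    for name, blob in (("enterprise", ENTERPRISE_SAMPLE), ("ad hoc", ADHOC_SAMPLE)):
        print(name, triage(blob))
```

A consumer trading app that reports `enterprise` or `ad-hoc` here was installed outside the App Store and should be treated as untrusted until the signing team is verified.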