Fraudulent ‘CryptoRom’ apps bypass Apple and Google’s app review

Image Source: Sophos

UK-based cybersecurity company Sophos announced on Wednesday that it has discovered fraudulent ‘CryptoRom’ mobile apps that evaded the app review process on Apple’s App Store and Google Play Store.

The fraudsters approached their victims by creating fake profiles on Tinder and Facebook, then asked them to move their conversations to WhatsApp, where they were encouraged to download the Ace Pro and MBM_BitScan apps.

Although the Ace Pro app was listed as a QR scanner app and MBM_BitScan was promoted as a real-time data tracker for cryptocurrencies on the app stores, both had fake crypto trading interfaces that the fraudsters used to steal money from the victims. One of the victims lost about $4000 using the Ace Pro app, Sophos said.

Image Source: Sophos

In order to bypass the review process, the fraudsters first connected their apps to a benign server before submitting them, then switched to a malicious server after approval, which changed the apps’ functionality without any change to the approved binary.
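The bait-and-switch described above leaves a detectable trace: the app’s observed behaviour after approval no longer matches what it did during review. The following is an added example (not Sophos’s tooling and not code from either app store) of a review-side drift check: it compares a behaviour snapshot recorded during an instrumented review run (hosts contacted, remote configuration received) with a later re-run of the same approved build and flags new backends, new or changed remote-config keys, and finance-related functionality appearing after approval. All host names, config keys and the JSON record format are constructed for this example.

```python
"""Added example: detect post-approval backend/config drift in an app's behaviour.

Not from the Sophos report; the snapshot format, host names and config keys
are constructed for illustration.
"""
import json
from dataclasses import dataclass

# Words whose appearance in NEW or CHANGED material after approval warrants a
# manual re-review. Chosen for this example; a real policy would be tuned to
# the store's own risk categories.
FINANCE_KEYWORDS = ("trade", "trading", "wallet", "deposit", "withdraw", "exchange", "crypto")


@dataclass
class BehaviourSnapshot:
    """What one instrumented run of the app observed."""
    label: str
    hosts: set
    remote_config: dict


def parse_snapshot(label, raw_json):
    """Build a snapshot from a JSON record (constructed format: {"hosts": [...], "remote_config": {...}})."""
    data = json.loads(raw_json)
    return BehaviourSnapshot(label=label,
                             hosts=set(data.get("hosts", [])),
                             remote_config=data.get("remote_config", {}))


def _flatten(cfg, prefix=""):
    """Flatten nested config into dotted keys so every nesting level is compared."""
    out = {}
    for key, value in cfg.items():
        dotted = f"{prefix}{key}"
        if isinstance(value, dict):
            out.update(_flatten(value, dotted + "."))
        else:
            out[dotted] = value
    return out


def detect_drift(baseline, later):
    """Return (kind, key, value) findings for behaviour present later but not at review time."""
    findings = []
    for host in sorted(later.hosts - baseline.hosts):
        findings.append(("new_host", host, host))
    base_cfg = _flatten(baseline.remote_config)
    later_cfg = _flatten(later.remote_config)
    for key in sorted(set(later_cfg) - set(base_cfg)):
        findings.append(("new_config_key", key, later_cfg[key]))
    for key in sorted(set(base_cfg) & set(later_cfg)):
        if base_cfg[key] != later_cfg[key]:
            findings.append(("changed_config", key, later_cfg[key]))
    return findings


def assess(baseline, later):
    """Classify drift: 'ok' (none), 'flag' (some drift), 're-review' (finance features appeared)."""
    findings = detect_drift(baseline, later)
    if not findings:
        return "ok", findings
    # Only new/changed material is scanned, so a feature that was already
    # visible (and approved) at review time does not trigger re-review.
    text = " ".join(f"{key} {value}" for _, key, value in findings).lower()
    if any(word in text for word in FINANCE_KEYWORDS):
        return "re-review", findings
    return "flag", findings


# Constructed records: what a "QR scanner" app did during review, and what the
# identical approved build did once its backend had been switched.
REVIEW_RUN = json.dumps({
    "hosts": ["api.qr-example.test"],
    "remote_config": {"features": {"qr_scan": True, "trading": False},
                      "home_screen": "scanner"},
})
LATER_RUN = json.dumps({
    "hosts": ["api.qr-example.test", "trade.switched-backend.test"],
    "remote_config": {"features": {"qr_scan": True, "trading": True},
                      "home_screen": "trading_dashboard",
                      "deposit_url": "https://trade.switched-backend.test/deposit"},
})


def run_example():
    """Compare the constructed review run against the constructed later run."""
    return assess(parse_snapshot("review", REVIEW_RUN), parse_snapshot("later", LATER_RUN))


if __name__ == "__main__":
    verdict, findings = run_example()
    print(verdict)
    for kind, key, value in findings:
        print(f"  {kind}: {key} -> {value}")
```

The check deliberately scans only the delta, not the whole later config, so an app that legitimately declared a trading feature at review time is not re-flagged; what it catches is exactly the case in the article, where functionality the reviewer never saw appears only after the backend is swapped.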

Image Source: Sophos

The cybersecurity firm added that both Google and Apple have been notified about the fraudulent apps and have removed them from their marketplaces.

Written by Sophie Blake
