
More than $1.4 million has been stolen from victims through a cryptocurrency-related scam perpetrated through dating apps. Sophos has released a new report this week about a dating app scam that led to the theft of millions of dollars from people on Tinder, Bumble, Grindr, Facebook Dating, and similar apps. After gaining their trust in these dating apps, scammers convinced victims to download fake crypto apps, where they duped them into investing money before freezing the accounts. The scammers were somehow able to easily game Apple's Developer Enterprise program -- and the Apple Enterprise/Corporate Signature -- to distribute these fraudulent crypto apps, which were masquerading as Binance and other legitimate brands. Sophos said its threat hunters observed the scammers abusing Apple's Enterprise Signature to manage victims' devices remotely. Apple did not respond to requests for comment. Sophos also contacted Apple about the issue and did not get a response.

Named "CryptoRom," according to Sophos researchers Jagadeesh Chandraiah and Xinran Wu, the scam has led to at least $1.4 million being stolen from victims in the US and EU. In their report, the two say that the attackers moved beyond going after victims in Asia and are now targeting people in Europe and the US. Sophos researchers even managed to find a Bitcoin wallet that was being controlled by the attackers, thanks to one victim who shared the address he initially sent the money to before being shut out. Chandraiah said the CryptoRom scam relies heavily on social engineering at almost every stage. Victims came to Sophos to discuss the scam, and the researchers found other reports of people being taken advantage of. "First, the attackers post convincing fake profiles on legitimate dating sites. Once they've made contact with a target, the attackers suggest continuing the conversation on a messaging platform," Chandraiah said.
"They then try to persuade the target to install and invest in a fake cryptocurrency trading app. At first, the returns look very good but if the victim asks for their money back or tries to access the funds, they are refused and the money is lost. Our research shows that the attackers are making millions of dollars with this scam." Victims are initially contacted on apps like Bumble, Tinder, Facebook Dating, and Grindr before the conversation is moved to other messaging apps. From there, the conversation is steered toward getting victims to install fake trading applications onto their devices. Once a victim is drawn in, they are asked to invest a small amount, and are then locked out of their accounts if they demand their money back. The attack is two-pronged, giving cybercriminals the ability to steal money from victims and gain access to their iPhones.

According to Wu and Chandraiah, the attackers are able to use "Enterprise Signature" -- a system built for software developers that lets enterprises pre-test new iOS applications with selected iPhone users before submitting them to the official Apple App Store for review and approval. "With the functionality of the Enterprise Signature system, attackers can target larger groups of iPhone users with their fake crypto-trading apps and gain remote management control over their devices. This means the attackers could potentially do more than just steal cryptocurrency investments from victims. They could also, for instance, collect personal data, add and remove accounts, and install and manage apps for other malicious purposes," the researchers said. Chandraiah added that until recently, criminal operators mainly distributed the fake crypto apps through fake websites that resemble a trusted bank or the Apple App Store.
"The addition of the iOS enterprise developer system introduces further risk for victims because they could be handing the attackers the rights to their device and the ability to steal their personal data," Chandraiah said. "To avoid falling victim to these types of scams, iPhone users should only install apps from Apple's App Store. The golden rule is that if something seems risky or too good to be true – such as someone you barely know telling you about some 'great' online investment scheme that will deliver a big profit – then sadly, it probably is."

A developer who designed a tool to let people essentially delete their Facebook news feeds says he was served with a cease-and-desist letter and permanently kicked off the tech giant's platform. Louis Barclay, a developer in the UK, is the creator of a browser extension called Unfollow Everything. The extension lets users automatically unfollow all their friends and pages on Facebook, leaving their news feed blank. Barclay told Insider people could still connect to their friends and family on Facebook when using the extension. Barclay published Unfollow Everything on the Google Chrome store in July 2020 and said it attracted attention from researchers at the University of Neuchâtel in Switzerland, who wanted to study the impact of having no news feed on people's happiness on Facebook, as well as the amount of time they spent on the platform. In July of this year, Barclay received a cease-and-desist letter from Facebook's lawyers, he said. Barclay published a redacted version of the letter online. Insider reviewed an unredacted version to verify its authenticity. Barclay, who published a Slate article on Thursday detailing his experience, told Insider he received the letter five hours after trying to log in to his Facebook account and finding it was disabled. The letter, from the law firm Perkins Coie, told Barclay that Unfollow Everything broke Facebook's rules on automated collection of user content without Facebook's permission and that it infringed Facebook trademarks. It also said Facebook's terms prohibited interfering with the "intended operation of Facebook" and encouraging others to break Facebook's rules. It also informed Barclay he was barred from both Facebook and Instagram. "I was really scared, and I was very anxious," Barclay told Insider. Facebook's letter took him by surprise, he said, adding that Unfollow Everything had only 2,500 weekly active users and 10,000 downloads. "It was definitely growing, but it wasn't huge," he said. 
"Apart from that I just very much saw it as something that improves the Facebook experience for Facebook users," he added, saying he got "amazing feedback" from people saying they "were using Facebook in a way that was much healthier for them." Barclay said he sought legal guidance on whether he could challenge the letter but learned that since he's based in the UK he'd be liable for Facebook's legal costs if he lost. "Facebook is a trillion-dollar company. I couldn't afford that risk," Barclay wrote in his Slate article. Barclay said getting banned after having an account on Facebook for 15 years was a blow, especially because he still used the platform, and Facebook Messenger in particular, to stay in touch with friends around the world. "It's really horrible to have been cut off from that for a reason that feels to me very unfair," Barclay told Insider. Nonetheless, he sees a silver lining in getting cut off from Facebook. "I've been trying to reduce my usage of Facebook for years now, including by making tools like Unfollow Everything. So I'm actually pretty grateful to Facebook that they've helped me take my addiction levels down to a flat zero," he told Insider.

A newly discovered data exfiltration mechanism employs Ethernet cables as a "transmitting antenna" to stealthily siphon highly sensitive data from air-gapped systems, according to the latest research. "It's interesting that the wires that came to protect the air-gap become the vulnerability of the air gap in this attack," Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center at the Ben Gurion University of the Negev in Israel, told The Hacker News. Dubbed the "LANtenna Attack," the novel technique enables malicious code on air-gapped computers to gather sensitive data and then encode it over radio waves emanating from Ethernet cables, as if they were antennas. The transmitted signals can then be intercepted wirelessly by a nearby software-defined radio (SDR) receiver, decoded, and sent to an attacker in an adjacent room. "Notably, the malicious code can run in an ordinary user-mode process and successfully operate from within a virtual machine," the researchers noted in an accompanying paper titled "LANTENNA: Exfiltrating Data from Air-Gapped Networks via Ethernet Cables."

Air-gapped networks are designed as a network security measure to minimize the risk of information leakage and other cyber threats by ensuring that one or more computers are physically isolated from other networks, such as the internet or a local area network. They are usually wired, since machines that are part of such networks have their wireless network interfaces permanently disabled or physically removed. This is far from the first time Dr. Guri has demonstrated unconventional ways to leak sensitive data from air-gapped computers. In February 2020, the security researcher devised a method that employs small changes in LCD screen brightness, invisible to the naked eye, to covertly modulate binary information in Morse-code-like patterns. Then in May 2020, Dr. Guri showed how malware could exploit a computer's power supply unit (PSU) to play sounds and use it as an out-of-band, secondary speaker to leak data in an attack called "POWER-SUPPLaY." Lastly, in December 2020, the researcher showed off "AIR-FI," an attack that leverages Wi-Fi signals as a covert channel to exfiltrate confidential information without even requiring dedicated Wi-Fi hardware on the targeted systems.

The LANtenna attack is no different in that it works by using the malware on the air-gapped workstation to induce the Ethernet cable to generate electromagnetic emissions in the 125 MHz frequency band, which are then modulated and intercepted by a nearby radio receiver. In a proof-of-concept demo, data transmitted from an air-gapped computer through its Ethernet cable was received at a distance of 200 cm. Like other data leakage attacks of this kind, triggering the infection requires deploying the malware on the target network via any one of several infection vectors, ranging from supply chain attacks or contaminated USB drives to social engineering techniques, stolen credentials, or malicious insiders. As countermeasures, the researchers propose prohibiting the use of radio receivers in and around air-gapped networks, monitoring the network interface card's link-layer activity for any covert channel, jamming the signals, and using metal shielding to limit electromagnetic fields from interfering with or emanating from the shielded wires.
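One of the countermeasures listed above is monitoring the NIC's link-layer activity for signs of a covert channel. The script below is an added example written for this page, not code from the LANtenna paper or from the researchers: it parses constructed Linux kernel log lines (the `NIC Link is Up/Down` messages emitted by common Ethernet drivers) and flags an interface whose link state flips more often than a baseline would ever justify. It assumes that a covert channel manipulating the Ethernet link would show up as rapid, repeated link-state changes; the page only says to watch link-layer activity, so that heuristic, the log format, the interface names and the thresholds are all assumptions made here.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not from the research): kernel messages as they might
# appear in /var/log/kern.log on an air-gapped Linux workstation. eth0 flips its
# link ten times in ten seconds; eth1 has a single link-up at boot.
SAMPLE_LOG = """\
Oct  7 09:58:30 airgap1 kernel: e1000e 0000:00:1a.0 eth1: NIC Link is Up 1000 Mbps Full Duplex
Oct  7 09:59:10 airgap1 kernel: usb 1-1: new high-speed USB device number 2 using xhci_hcd
Oct  7 10:00:01 airgap1 kernel: e1000e 0000:00:19.0 eth0: NIC Link is Up 1000 Mbps Full Duplex
Oct  7 10:00:02 airgap1 kernel: e1000e 0000:00:19.0 eth0: NIC Link is Down
Oct  7 10:00:03 airgap1 kernel: e1000e 0000:00:19.0 eth0: NIC Link is Up 100 Mbps Full Duplex
Oct  7 10:00:04 airgap1 kernel: e1000e 0000:00:19.0 eth0: NIC Link is Down
Oct  7 10:00:05 airgap1 kernel: e1000e 0000:00:19.0 eth0: NIC Link is Up 1000 Mbps Full Duplex
Oct  7 10:00:06 airgap1 kernel: e1000e 0000:00:19.0 eth0: NIC Link is Down
Oct  7 10:00:08 airgap1 kernel: e1000e 0000:00:19.0 eth0: NIC Link is Up 100 Mbps Full Duplex
Oct  7 10:00:09 airgap1 kernel: e1000e 0000:00:19.0 eth0: NIC Link is Down
Oct  7 10:00:10 airgap1 kernel: e1000e 0000:00:19.0 eth0: NIC Link is Up 1000 Mbps Full Duplex
Oct  7 10:00:11 airgap1 kernel: e1000e 0000:00:19.0 eth0: NIC Link is Down
"""

# Syslog-style timestamp, host, "kernel:", driver/PCI noise, then "<iface>: NIC Link is Up|Down".
LINK_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: .*?"
    r"(?P<iface>[a-z0-9]+): NIC Link is (?P<state>Up|Down)"
)


def parse_link_events(log_text):
    """Return {iface: [datetime, ...]} of link-state changes, in log order."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINK_RE.match(line)
        if not m:
            continue
        ts = re.sub(r"\s+", " ", m.group("ts"))          # "Oct  7" -> "Oct 7"
        when = datetime.strptime(ts, "%b %d %H:%M:%S")    # year-less syslog stamp; deltas still work
        events[m.group("iface")].append(when)
    return dict(events)


def max_changes_in_window(times, window_s):
    """Largest number of events inside any window_s-second span (two-pointer sweep)."""
    times = sorted(times)
    best, lo = 0, 0
    for hi in range(len(times)):
        while (times[hi] - times[lo]).total_seconds() > window_s:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def link_flap_alerts(log_text, window_s=60, max_changes=4):
    """Return (peak change count per interface, interfaces exceeding the threshold).

    Thresholds are assumptions: an air-gapped host's link should change state a
    handful of times per day (boot, cable swap), never several times a minute.
    """
    peaks = {
        iface: max_changes_in_window(ts, window_s)
        for iface, ts in parse_link_events(log_text).items()
    }
    flagged = sorted(iface for iface, n in peaks.items() if n > max_changes)
    return peaks, flagged


if __name__ == "__main__":
    peaks, flagged = link_flap_alerts(SAMPLE_LOG)
    for iface, n in sorted(peaks.items()):
        print(f"{iface}: {n} link-state changes in the busiest 60 s window")
    print("flagged:", flagged)
```

In practice the log text would come from `journalctl -k` or `/var/log/kern.log` on a schedule, and the threshold should be set from a baseline of the host's normal link events; the `NIC Link is` wording is specific to some drivers (e1000e and relatives), so the regex needs adjusting for others. A link that is flapping at rates like this is also visible through `ethtool` carrier counters and switch-side port logs, which gives a second, independent data point before anyone concludes a covert channel is in play.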