new findings about the CryptoRom scam, also known as the “Pig Butchering” method, in its report “Fraudulent Trading Apps Sneak into Apple and Google App Stores”. These are professional financial fraudsters who lure users of dating apps and entice them to make supposed investments in cryptocurrencies during a fake romantic relationship. In fact, the money goes directly into the pockets of the fraudsters.
While cybercriminals previously used workaround techniques to convince victims to download illegitimate iPhone apps that were not reviewed and certified by the Apple App Store, they have now, for the first time, managed to place fake CryptoRom apps directly into the official app store. Apps of this type have already been spotted in the Google Play Store.
These are the apps “Ace Pro” and “MBM_BitScan”.
The Ace Pro and MBM_BitScan apps successfully bypassed Apple's strict security protocols, making them accessible to a huge audience. Sophos immediately notified Apple of its discovery and the fraudulent apps were removed from the App Store. The MBM_BitScan app could also be found in the Play Store under the name BitScan. Sophos also immediately informed Google about the app, and it was removed from the store.
“While we have seen fake apps in the Play Store in the past, this is the first time we have found such applications in the Apple App Store. In general, it is difficult to get malware through the security review process in the Apple App Store,” said Jagadeesh Chandraiah, senior threat researcher at Sophos.
“For this reason, scammers targeting iOS devices convince users to first install a configuration profile before they could install the fake trading app. This involves an additional layer of social engineering – one that is difficult to overcome. Many potential victims become suspicious that something is wrong when they cannot directly download a supposedly legitimate app. By being able to bring applications directly to the Apple App Store, cybercriminals have vastly increased their potential victim pool and also benefited from the fact that most users inherently trust Apple.
Both apps we found also didn't trigger iOS's new Lockdown mode, which prevents scammers from loading mobile profiles that are useful for social engineering. Given the security features in Lockdown, fraudsters may be changing their tactics – i.e. focusing on bypassing the app store verification process.”
Fall for the scammers
In one specific case where the victim was scammed using Ace Pro, the scammers lured the target with a well-faked Facebook profile of a woman who supposedly leads a lavish lifestyle in London. After establishing a relationship with the victim, the scammers moved the victim to WhatsApp and convinced the person to download the fraudulent Ace Pro app. From there, the cryptocurrency scam unfolded.
App as a fly trap
Ace Pro was described in the app store as a QR code scanner, but is a fraudulent crypto trading platform. Once opened, users will see a trading platform where they can supposedly deposit and withdraw currencies. However, the money deposited goes directly to the fraudsters. To bypass App Store security, Sophos researchers believe the scammers connected the app to a website with benign features when it was originally submitted for review.
The domain included code for QR scanning to make it look legitimate to app inspectors. However, once the app was approved, the scammers redirected the app to a domain registered in Asia. This domain sends a request that responds with content from another host, which ultimately delivers the fake trading platform.
The Apple app MBM_BitScan follows a similar approach and also causes mischief on Android devices, where it is listed only as “BitScan”. Both the Apple App Store and Google Play apps communicate with the same command-and-control infrastructure, which in turn contacts a server that resembles a legitimate Japanese crypto company. These fake pages are loaded at runtime; the malicious content remains on the web server and not in the application code. Detection is very difficult because it is not enough for the testers to just look at the code.
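An added example, not code from the Sophos report or from either app store: a post-approval drift check that compares what an app's remote start page resolved to at review time with a later observation. The snapshots, the `.example` host names, the keyword list and the store category value are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed snapshots (not data from the report): the URL chain an app's
# remote start page resolved through, and the text of the final page.
AT_REVIEW = {
    "chain": ["https://scanner.example/start"],
    "body": "<title>QR Scanner</title> Scan a code with your camera",
}
AFTER_APPROVAL = {
    "chain": [
        "https://scanner.example/start",
        "https://relay.example/r",
        "https://trade.example/login",
    ],
    "body": "<title>Trading</title> Deposit and withdraw BTC or USDT from your wallet",
}

# Assumed keyword list; a real review pipeline would tune this.
FINANCE_TERMS = {"btc", "deposit", "trading", "usdt", "wallet", "withdraw"}


def hosts(snapshot):
    """Host names in the order the chain visited them."""
    return [urlsplit(url).hostname for url in snapshot["chain"]]


def finance_terms(snapshot):
    """Finance keywords present as whole words in the final page."""
    words = set(re.findall(r"[a-z]+", snapshot["body"].lower()))
    return words & FINANCE_TERMS


def drift(baseline, current, store_category="utilities"):
    """Return (finding, detail) pairs describing post-review changes."""
    findings = []
    seen = set(hosts(baseline))
    new_hosts = [h for h in hosts(current) if h not in seen]
    if new_hosts:
        findings.append(("new_hosts_in_chain", new_hosts))
    if hosts(current)[-1] != hosts(baseline)[-1]:
        findings.append(("final_host_changed", hosts(current)[-1]))
    added = sorted(finance_terms(current) - finance_terms(baseline))
    if added and store_category != "finance":
        findings.append(("finance_content_in_non_finance_app", added))
    return findings


if __name__ == "__main__":
    for finding in drift(AT_REVIEW, AFTER_APPROVAL):
        print(finding)
```

Because the content lives on the server, a check like this only helps if it is repeated after approval, not run once at submission.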
The individual steps taken by the CryptoRom fraudsters and further details on how the app store security processes were circumvented can be found in the official English-language report “Trading Apps Sneak into Apple and Google App Stores”.
What is CryptoRom?
CryptoRom is a cyber scam also known as “Pig Butchering”. The criminals relied on a professionally organized, syndicated fraud operation that used a combination of romantic social engineering and fraudulent crypto trading applications. After a basis of trust has been built, victims are deprived of their savings via well-made fake trading platforms. Sophos

