Apple Developer Program Misused to Steal Millions From Users on Dating Apps: Sophos

According to a recent report by Sophos, scammers are using dating apps to lure victims into downloading fake cryptocurrency apps on both iOS and Android smartphones. In May of this year Sophos published a report on the same type of attack, but at the time believed the attacks were exclusively targeting Asian countries. However, the attacks have now spread, with Sophos learning of victims in Europe, primarily on iOS. The attack involves using Apple's ad hoc distribution method through operations known as “Super Signature services” and “Enterprise Signature services”. Super Signature services use developer accounts to distribute applications, by-passing the Apple App Store, but have a limited number of devices the app can be installed on. The Enterprise Signature services do the same, but with a much higher limit, and uses an enterprise account.

Sophos' report suggests that dating apps are used as social engineering platforms to steal millions of dollars from victims, apps such as Bumble, Tinder, Facebook, and Grindr are among the applications used. After gaining the trust of their victims, scammers persuade victims to install fake crypto apps. Then these scammers prompt the victims to invest a small amount and even entice them with a little profit as bait. As time passes the victim is asked to invest more and more, even being loaned money by the attackers to invest further. However, once suspicions rise or the user invests significantly, their accounts are frozen.

                                               Figure 1 - Sophos News

By checking the scammer's bitcoin address Sophos can see that the scam has cost as much as $1.39 million stolen from victims in the US and Europe. The attack is two-sided, giving cyber crooks the ability to steal money and gain access to victims' iPhones through their fake apps. This means cybercriminals can do more than just steal money through crypto trading investments. Scammers could also collect personal information, manage applications, and add or remove accounts.

To avoid falling into such traps, both iPhone and Android users must ensure they install apps from official Apple and Google Play stores. If something seems risky or too good to be true- it probably is. Do not install or download any apps upon strangers’ recommendations.

For more news and updates, visit

You can also reach out to us on Facebook, & LinkedIn or Contact us directly


Comments are closed
Our team knows the importance of the work we do for our clients. We know that our efforts have a direct impact on your productivity, profitability and success, so we take our tasks seriously! We look forward to providing your company with strong
ROI and value.