Apple Enterprise provisioning — the system that allows companies to authorize home-grown apps for internal use — is a soft target.
From Mike Wuerthele’s “Thieves abused Apple’s enterprise app programs to steal $1.4 million in crypto” posted Thursday on AppleInsider:
The CryptoRom fraud implementation is fairly straightforward — after gaining a victim’s trust through social media or existing dating apps, users are fooled into installing a modified version of a cryptocurrency exchange, baited into investing, and then defrauded out of cash.
After gaining the trust of the victim through the dating apps, scammers start discussing cryptocurrency investments. They are then directed to a website that looks like the Apple App Store, and then told to download a Mobile Device Management profile, giving control of a number of features, and the ability to use signed apps made by the fraudsters.
Upon returning to the fake App Store webpage, the unsuspecting user is then prompted to download an app signed with a certificate associated with the Mobile Device Management profile through either Apple Enterprise provisioning or the Super Signature distribution method. The app in question is a bogus version of the Bitfinex cryptocurrency trading application.
The victim is then convinced to make a small investment into a cryptocurrency as a proof of concept, and is allowed to withdraw the profits. When a larger deposit is made, the victim finds that it cannot be withdrawn: the assailant either just pulls the money for themself, tells the victim that more must be invested, or says that a tax must be paid to pull the money out.
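The excerpt names two ways the fake exchange app can reach a phone without the App Store: Apple Enterprise provisioning and "Super Signature" (ad-hoc signing through a developer account with the victim's UDID registered). Which one an IPA used is recorded in the `embedded.mobileprovision` file inside the app bundle. The following is an added example of mine, not code from AppleInsider, Sophos or Apple: it pulls the plist out of that file and classifies it. `ProvisionsAllDevices` marks an Enterprise Program profile; a `ProvisionedDevices` UDID list marks an ad-hoc profile of the kind Super Signature services hand out; neither key means App Store distribution. The sample profile blobs, the team name, team ID, bundle ID and UDIDs are all constructed for this example. The extractor only locates the XML inside the CMS wrapper and does not verify Apple's signature, so treat the output as triage, not enforcement.

```python
import plistlib
from datetime import datetime, timezone
from typing import Optional

PLIST_START = b"<?xml"
PLIST_END = b"</plist>"


def extract_profile_plist(raw: bytes) -> dict:
    """Return the plist payload of a .mobileprovision / embedded.mobileprovision.

    Real profiles are CMS (PKCS#7) SignedData with an XML plist as the signed
    content. Locating the XML boundaries is the usual shortcut for inspection
    (what `security cms -D -i <file>` does on macOS) and does NOT check Apple's
    signature, so use the result for triage only.
    """
    start = raw.find(PLIST_START)
    if start < 0:
        raise ValueError("no plist payload found in profile")
    end = raw.find(PLIST_END, start)
    if end < 0:
        raise ValueError("plist payload is truncated")
    return plistlib.loads(raw[start:end + len(PLIST_END)])


def classify_profile(profile: dict) -> str:
    """Map profile keys to the distribution channel they imply."""
    if profile.get("ProvisionsAllDevices"):
        return "enterprise"   # Enterprise Program: installs on any device
    if "ProvisionedDevices" in profile:
        return "ad-hoc"       # UDID-bound; this is how "Super Signature" resellers work
    return "app-store"        # neither key present: App Store distribution


def summarize_profile(raw: bytes, now: Optional[datetime] = None) -> dict:
    """Fields an analyst wants first when looking at a sideloaded IPA."""
    profile = extract_profile_plist(raw)
    # plistlib returns naive UTC datetimes, so compare against naive UTC.
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    entitlements = profile.get("Entitlements", {})
    expires = profile.get("ExpirationDate")
    return {
        "distribution": classify_profile(profile),
        "team_name": profile.get("TeamName"),
        "team_id": (profile.get("TeamIdentifier") or [None])[0],
        "app_id": entitlements.get("application-identifier"),
        "expires": expires,
        "expired": (expires < now) if expires is not None else None,
        "device_count": len(profile.get("ProvisionedDevices", [])),
        # get-task-allow lets a debugger attach; unexpected in a "production" app.
        "debuggable": bool(entitlements.get("get-task-allow", False)),
    }


def build_constructed_profile(**overrides) -> bytes:
    """Build a fake, unsigned profile blob for this example (constructed, not real)."""
    base = {
        "AppIDName": "Exchange Client",
        "Name": "Constructed Example Profile",
        "TeamName": "Example Trading Ltd",          # constructed team, not a real one
        "TeamIdentifier": ["ABCDE12345"],           # constructed team ID
        "CreationDate": datetime(2021, 5, 1),
        "ExpirationDate": datetime(2022, 5, 1),
        "Entitlements": {
            "application-identifier": "ABCDE12345.com.example.exchange",  # constructed
            "get-task-allow": False,
        },
        "Version": 1,
    }
    base.update(overrides)
    # Fake DER/CMS bytes around the XML so the extractor has to find the payload.
    return b"\x30\x82\x0f\xa0\x06\x09" + plistlib.dumps(base) + b"\xa0\x82\x00\x10"


# Three constructed samples covering the channels discussed in the excerpt.
ENTERPRISE_SAMPLE = build_constructed_profile(ProvisionsAllDevices=True)
ADHOC_SAMPLE = build_constructed_profile(ProvisionedDevices=[
    "00008030-000000000000402E",   # constructed UDIDs
    "00008101-00000000000A1B2C",
    "00008020-0000000000FF0011",
])
APPSTORE_SAMPLE = build_constructed_profile()

if __name__ == "__main__":
    for label, blob in (("enterprise", ENTERPRISE_SAMPLE),
                        ("ad-hoc", ADHOC_SAMPLE),
                        ("app-store", APPSTORE_SAMPLE)):
        print(label, summarize_profile(blob))
```

On a real device the same information is what a user would see under Settings > General > VPN & Device Management, where an enterprise profile shows up as a trusted developer and an MDM enrolment shows up as a management profile; an exchange app that arrives that way instead of through the App Store is the signal this scam relies on the victim ignoring.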
My take: A taste of the kind of trickery we can look forward to if the EU ever forces sideloading down Apple’s throat?
See also: Apple makes the case against sideloading