Monday, October 7, 2024

Beware: Malicious Apps On Apple & Google Play Push Users into Fake Investments

Threat actors have managed to get two shady applications uploaded to the app stores run by Google and Apple. These apps then induced users into making fake investments in cryptocurrencies.

The cybersecurity experts at Sophos uncovered the two fraudulent apps, named:-

  • Ace Pro (malicious app in Google Play)
  • MBM_BitScan (malicious app in the Apple App Store)

These deceptive apps are part of a scamming scheme, now commonly referred to as “pig butchering,” in which the scammers first establish a relationship with the victim, then persuade them to download an app, and ultimately convince them to deposit money into it.

Cybercriminals employ a variety of tactics to deceive victims and steal their personal information or money. One such method is the use of fake websites, malicious advertising, and social engineering. 

The scammers create these fraudulent websites and advertisements to lure unsuspecting victims into giving away their sensitive information or downloading malware onto their devices.

Luring via Dating Apps

Another common tactic is to add fake applications to official app download platforms, which makes it easier for the scammers to gain the trust of their victims.

Cybercriminals are using social media platforms such as Facebook and dating apps like Tinder to reach potential victims and trick them into downloading fraudulent applications. These apps appear legitimate and often claim to offer investments in assets such as cryptocurrencies.

A recent study conducted by the cybersecurity firm Sophos has uncovered a sophisticated campaign orchestrated by a China-based threat group named “ShaZhuPan.” 

The findings show that this group operates with a high level of organization, utilizing distinct teams for different tasks:-

  • Interacting with victims
  • Handling finances
  • Establishing franchises
  • Laundering money

Apparently, the fraudsters use stolen images from other social media accounts to create fake profiles on Facebook and Tinder and post them under the names of women.

The resulting profiles are crafted to appear affluent, with photos of upscale restaurants, luxury shops, and exotic locations chosen to reflect the wealthy lifestyle the persona is supposedly living.

Threat actors often employ tactics to gain the trust of their victims, and once they have established this trust, they can use it to execute their scam. In one such scam, the scammers pretend to have an uncle who works for a financial analysis firm. 

They then extend an invitation to trade cryptocurrency through an app that is available on either the Google Play Store or the Apple App Store. The victim is misled into believing that the app is legitimate and that they are making a smart investment by trading through it.

The scam involves guiding the victim through the process of making an investment. The fraudsters direct the victim to create a deposit on a reputable cryptocurrency exchange platform, such as Binance, and then transfer the funds to a seemingly legitimate app created by the fraudsters. 

Until the app has been reviewed and approved, it connects to a benign server and behaves legitimately.

The scammers often disguise their malicious apps as legitimate ones, making it easier to fool victims into downloading them. After the app has passed review and been approved for release on the app stores, the developer can change the domain the app points to, connecting it to a malicious server.

As soon as the victim launches the app, they are greeted by the malicious server’s interface for cryptocurrency trading. All of the information displayed is, however, fake, except for the deposit made by the user.

BitScan is available for both platforms and uses the same command and control server but has different vendor names. The domain that they use is actually impersonating bitFlyer, which is a legitimate Japanese crypto-exchange that is not affiliated with this scam.
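The review-time bait-and-switch described above works only because the app accepts whatever backend address it is handed after installation. The following added example (written for this article, not code from Sophos or from the apps it describes) shows the vulnerable pattern beside a hardened one: the app ships with a pinned allowlist of backend hosts and rejects any remote-configuration URL that is not on it. All host names and the `api_base` key are constructed for illustration.

```python
"""Added example: guard an app's backend selection against a post-review
domain switch.  Hosts, the 'api_base' key and the config dict are constructed
placeholders, not values taken from the apps discussed in the article."""
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical allowlist compiled into the app binary (constructed values).
# A server-supplied backend must match one of these exactly.
PINNED_HOSTS = {"api.example-exchange.test", "cdn.example-exchange.test"}


def backend_host(url: str) -> Optional[str]:
    """Return the lowercase host of an https URL, or None if the URL is not
    https or has no host (so a scheme downgrade is also rejected)."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return None
    return parts.hostname.lower()


def is_allowed_backend(url: str) -> bool:
    """Exact-host match against the pinned list; a lookalike such as
    api.example-exchange.test.attacker.test does not pass."""
    host = backend_host(url)
    return host is not None and host in PINNED_HOSTS


def select_backend_vulnerable(remote_config: dict, default: str) -> str:
    """The weak pattern: trust any 'api_base' the server sends, which is what
    lets a benign review-time server be swapped for a malicious one later."""
    return remote_config.get("api_base", default)


def select_backend_hardened(remote_config: dict, default: str) -> str:
    """The hardened pattern: a disallowed or malformed remote value falls back
    to the compiled-in default instead of redirecting the app."""
    candidate = remote_config.get("api_base", default)
    return candidate if is_allowed_backend(candidate) else default


if __name__ == "__main__":
    # Constructed remote config imitating a post-approval domain switch.
    switched = {"api_base": "https://trading.attacker.test/v1"}
    default = "https://api.example-exchange.test/v1"
    print("vulnerable ->", select_backend_vulnerable(switched, default))
    print("hardened   ->", select_backend_hardened(switched, default))
```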

Recommendation

The act of scamming individuals through pig butchering has become a lucrative endeavor for scammers due to the high profits it generates in a short amount of time. 

This has motivated these individuals to invest the necessary time and effort in building trust with their potential victims. They accomplish this by engaging in extensive communication with them. 

By gaining the trust of their marks, scammers are able to carry out their scheme successfully and walk away with substantial financial gains.

The elaborate process of building a relationship with the victim, the initial payment, and the convincingly designed interface in fake applications make it challenging for individuals to identify the scam. 

This prolonged engagement, combined with the intricate details of the fake interface, makes it difficult for the victim to detect the fraud, even if they have suspicions.

However, experts argue that the rise of “FinTech” has normalized people’s trust in the software tools they use, lending these apps a sense of legitimacy, especially when they come from real stores like Apple’s and Google’s.

These are the key precautions recommended by the experts:-

  • Do not download any app from unknown sources.
  • Always check the reviews of an app before installing it.
  • Read the privacy policy properly.
  • Verify the authenticity of the developer/publisher by checking their details.
  • Also, look for details about the company behind the app.

Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
