Friday, June 14, 2024

Beware: Malicious Apps On Apple & Google Play Push Users into Fake Investments

Threat actors managed to get two fraudulent applications published on the app stores run by Google and Apple, then used those apps to lure users into making fake investments in cryptocurrencies.

The cybersecurity experts at Sophos uncovered the two fraudulent apps, named:-

  • Ace Pro
  • BitScan

Malicious App in Google Play

Malicious App in Apple Store

These deceptive apps are part of a scamming scheme now commonly referred to as “pig butchering,” in which the scammers first build a relationship with the victim, then persuade them to download an app, and ultimately convince them to deposit money into it.

Cybercriminals employ a variety of tactics to deceive victims and steal their personal information or money. One such method is the use of fake websites, malicious advertising, and social engineering. 

The scammers create these fraudulent websites and advertisements to lure unsuspecting victims into giving away their sensitive information or downloading malware onto their devices.

Luring via Dating Apps

Another common tactic is to place fake applications on official app download platforms, which makes it easier for the scammers to gain the trust of their victims.

Cybercriminals are using social media platforms such as Facebook and dating apps like Tinder to reach potential victims and trick them into downloading fraudulent applications. These apps appear legitimate and often claim to offer investments in assets such as cryptocurrencies.

A recent study conducted by the cybersecurity firm Sophos has uncovered a sophisticated campaign orchestrated by a China-based threat group named “ShaZhuPan.” 

The findings show that this group is highly organized, with distinct teams dedicated to:-

  • Interacting with victims
  • Handling finances
  • Establishing franchises
  • Laundering money

The fraudsters use images stolen from other social media accounts to create fake profiles on Facebook and Tinder, posing as women.

These profiles are crafted to appear luxurious, with photos of upscale restaurants, luxury shops, and exotic locations meant to reflect a wealthy lifestyle.

Once the scammers have built trust with a victim, they use it to execute the scam. In one variation, the scammer claims to have an uncle who works for a financial analysis firm.

They then invite the victim to trade cryptocurrency through an app available on either the Google Play Store or the Apple App Store. The victim is misled into believing that the app is legitimate and that trading through it is a smart investment.

The scam involves guiding the victim through the process of making an investment. The fraudsters direct the victim to make a deposit on a reputable cryptocurrency exchange, such as Binance, and then transfer the funds to a seemingly legitimate app created by the fraudsters.

While the app is under store review, it connects to a benign server and behaves legitimately, so it passes as a harmless application.

Once the app has passed review and been approved for release, the developer changes the domain it uses, connecting the app to a malicious server. This disguise as a legitimate app makes it easier to fool victims into downloading it.

As soon as the victim launches the app, they are greeted by the malicious server’s interface for cryptocurrency trading. All of the information displayed is, however, fake, except for the deposit made by the user.

BitScan is available for both platforms and uses the same command and control server but has different vendor names. The domain that they use is actually impersonating bitFlyer, which is a legitimate Japanese crypto-exchange that is not affiliated with this scam.
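To make the review-time/post-approval server switch and the bitFlyer lookalike domain concrete, here is an added Python example. It is not code from Sophos or from the Ace Pro or BitScan apps, and every domain, configuration key and value in it is constructed for illustration: the first half models an app whose backend is chosen by a remote configuration that changes after approval, and the second half is the check an analyst or reviewer could run over two configuration snapshots to catch both the host change and the brand impersonation.

```python
"""Added example, not code from Sophos or from the Ace Pro / BitScan apps.

It models the bait-and-switch described above: an app ships pointing at a
benign backend while under store review, then a remote configuration change
repoints it at a scam server whose hostname impersonates a real exchange.
The second half is the check an analyst could run over two config snapshots.
Every domain, config key and value below is constructed for illustration."""
from urllib.parse import urlsplit

# Constructed remote-config snapshots an app might fetch at launch:
# what the store reviewer saw, and what victims see after approval.
REVIEW_TIME_CONFIG = {"api_base": "https://api.benign-trading.example/v1"}
POST_APPROVAL_CONFIG = {"api_base": "https://api.bitflyer-trade-pro.example/v1"}

# Registrable domains of the legitimate exchanges the article names
# (bitFlyer, Binance). Any other host carrying the brand name is a lookalike.
KNOWN_EXCHANGES = {
    "bitflyer": {"bitflyer.com", "bitflyer.jp"},
    "binance": {"binance.com"},
}


def registrable_domain(host: str) -> str:
    """Last two DNS labels. Good enough for the .com/.jp/.example hosts
    used here; a real tool would consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def brand_lookalike(host: str):
    """Return the exchange brand that `host` impersonates, or None.

    A host whose registrable domain is one of the brand's real domains is
    legitimate. A host that merely contains the brand name (ignoring
    hyphens/underscores, e.g. bitflyer-trade-pro) is treated as impersonation.
    """
    squashed = host.lower().replace("-", "").replace("_", "")
    reg = registrable_domain(host)
    for brand, real_domains in KNOWN_EXCHANGES.items():
        if reg in real_domains:
            return None
        if brand in squashed:
            return brand
    return None


def api_host(config: dict) -> str:
    """Hostname the app would talk to under a given config snapshot."""
    return urlsplit(config["api_base"]).hostname


def config_drift(review_cfg: dict, release_cfg: dict) -> list:
    """Findings that distinguish the review-time build from the released one."""
    findings = []
    before, after = api_host(review_cfg), api_host(release_cfg)
    if before != after:
        findings.append(f"backend host changed after approval: {before} -> {after}")
    brand = brand_lookalike(after)
    if brand:
        findings.append(f"released backend {after} impersonates {brand}")
    return findings


if __name__ == "__main__":
    for line in config_drift(REVIEW_TIME_CONFIG, POST_APPROVAL_CONFIG):
        print(line)
```

The page does not describe the exact mechanism the real apps used to change their domain, so the remote-config dictionary here is an assumption standing in for whatever server-side switch the developer flipped. The brand check is deliberately simple: it flags any host that embeds an exchange name but is not registered under that exchange's own domain, which also catches subdomain tricks such as bitflyer.com.evil.example; a production version would use the Public Suffix List for registrable-domain extraction and a larger brand list.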

The act of scamming individuals through pig butchering has become a lucrative endeavor for scammers due to the high profits it generates in a short amount of time. 

This has motivated scammers to invest the time and effort needed to build trust with potential victims, which they do through extensive communication.

By gaining the trust of their marks, scammers are able to carry out their scheme successfully and walk away with substantial financial gains.

The elaborate process of building a relationship with the victim, the initial payment, and the convincingly designed interface of the fake app make the scam hard to identify. This prolonged engagement, combined with the detailed fake interface, makes it difficult for the victim to detect the fraud even if they have suspicions.

Experts also note that the rise of “FinTech” has normalized people’s trust in the software tools they use, lending such apps a sense of legitimacy, especially when they are downloaded from real stores like Apple’s and Google’s.

Here are the key things that the experts recommend:-

  • Do not download any app from unknown sources.
  • Always check the reviews of an app before installing it.
  • Read the privacy policy properly.
  • Verify the authenticity of the developer/publisher by checking their details.
  • Also look for details about the company behind the app.

Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.