Monday, March 4, 2024

Beware: Malicious Apps On Apple & Google Play Push Users into Fake Investments

Threat actors managed to get two fraudulent applications published on the official app stores run by both Google and Apple. The apps were then used to lure victims into fake cryptocurrency investments.

The cybersecurity experts at Sophos uncovered the two fraudulent apps, named Ace Pro and BitScan.

[Image: malicious app listing in Google Play]

[Image: malicious app listing in the Apple App Store]

These deceptive apps are part of a scamming scheme now commonly referred to as "pig butchering": the scammers first build a relationship with the victim, then persuade them to install an app, and finally convince them to deposit money into it.

Cybercriminals employ a variety of tactics to deceive victims and steal their personal information or money, among them fake websites, malicious advertising, and social engineering.

The scammers create these fraudulent websites and advertisements to lure unsuspecting victims into handing over sensitive information or downloading malware onto their devices.

Luring via Dating Apps

Another common tactic is to place fake applications on official app download platforms, which makes it easier for the scammers to gain the trust of their victims.

Cybercriminals are using social media platforms such as Facebook and dating apps like Tinder to reach potential victims and trick them into downloading fraudulent applications. These apps appear legitimate and often claim to offer investments in assets such as cryptocurrencies.

A recent study conducted by the cybersecurity firm Sophos has uncovered a sophisticated campaign orchestrated by a China-based threat group named "ShaZhuPan" (the name is the Chinese term for pig butchering).

The findings show that this group operates with a high level of organization, using distinct teams for different tasks:-

  • Interacting with victims
  • Handling finances
  • Establishing franchises
  • Laundering money

The fraudsters use images stolen from other social media accounts to create fake profiles on Facebook and Tinder, posing as women.

These profiles are crafted to look affluent, with photos of upscale restaurants, luxury shops, and exotic locations meant to project a wealthy lifestyle.

Threat actors work to gain the trust of their victims, and once that trust is established they use it to execute the scam. In one variant, the scammer claims to have an uncle who works for a financial analysis firm.

The scammer then extends an invitation to trade cryptocurrency through an app that is available on either the Google Play Store or the Apple App Store. The victim is misled into believing that the app is legitimate and that trading through it is a smart investment.

The scam involves guiding the victim through the process of making an investment. The fraudsters direct the victim to deposit funds on a reputable cryptocurrency exchange, such as Binance, and then transfer those funds to the seemingly legitimate app the fraudsters control.

During app store review, the application connects to a benign server and behaves legitimately, and it keeps doing so until it has been approved.

The scammers disguise their malicious apps as legitimate ones, which makes it easier to fool victims into installing them. Once the app has passed review and been approved for release, the developer changes the backend domain so that the app connects to a malicious server instead; the app binary on the store is unchanged, so the switch does not trigger a new review.

From then on, as soon as the victim launches the app, they are greeted by the malicious server's cryptocurrency trading interface. All of the information it displays is fake, except for the deposit the victim has already made.

BitScan is available for both platforms and uses the same command and control server under different vendor names. The domain it uses impersonates bitFlyer, a legitimate Japanese crypto exchange that is not affiliated with this scam.
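The two signals in the passage above, a backend that is switched to a different domain after store approval and a new domain that impersonates a legitimate exchange, can both be checked from observed app traffic. The following is an added example written for this article, not code from Sophos or from the apps described; the observation records, app identifiers, hosts and the approval date are all constructed, and the brand list is an assumption for illustration.

```python
"""
Added example: flag (1) an app whose backend registrable domain changes after
the store approval date and (2) backend hosts that look like impersonations of
a known exchange brand. All input data below is constructed for the example.
"""
from dataclasses import dataclass
from datetime import date
from difflib import SequenceMatcher
from typing import Dict, List, Optional

# Assumed brand list for the lookalike check; bitFlyer is the brand named in
# the article, Binance is added only to show the check generalises.
KNOWN_BRANDS: Dict[str, str] = {"bitflyer": "bitflyer.com", "binance": "binance.com"}


@dataclass(frozen=True)
class Observation:
    seen: date    # date the connection was observed
    app_id: str   # store bundle / package identifier (constructed)
    host: str     # backend host the app contacted


def registrable_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels). Adequate for the hosts used here; a
    production tool should use the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def lookalike_brand(host: str) -> Optional[str]:
    """Return the brand a host appears to impersonate, or None.
    The genuine brand domain is never reported as an impersonation."""
    domain = registrable_domain(host)
    if domain in KNOWN_BRANDS.values():
        return None
    second_level = domain.split(".")[0]
    for brand in KNOWN_BRANDS:
        # brand name embedded in the label (bitflyer-ex) or a near-miss
        # spelling of it (binanse); 0.8 is an assumed threshold
        if brand in second_level or SequenceMatcher(None, brand, second_level).ratio() >= 0.8:
            return brand
    return None


def backend_switches(observations: List[Observation], approval: date) -> List[dict]:
    """Per app, compare every later backend domain with the first one seen and
    report changes that occur after the store approval date."""
    by_app: Dict[str, List[Observation]] = {}
    for ob in sorted(observations, key=lambda o: o.seen):
        by_app.setdefault(ob.app_id, []).append(ob)
    findings = []
    for app_id, obs in by_app.items():
        baseline = registrable_domain(obs[0].host)
        for ob in obs[1:]:
            current = registrable_domain(ob.host)
            if current != baseline and ob.seen > approval:
                findings.append({"app": app_id, "from": baseline, "to": current,
                                 "seen": ob.seen, "impersonates": lookalike_brand(ob.host)})
                baseline = current
    return findings


# Constructed observations: one app switches backend after approval to a
# bitFlyer-lookalike host, the other keeps the same backend throughout.
APPROVAL = date(2024, 1, 25)
SAMPLE = [
    Observation(date(2024, 1, 10), "com.example.acetrade", "api.acetrade-demo.example"),
    Observation(date(2024, 1, 20), "com.example.acetrade", "api.acetrade-demo.example"),
    Observation(date(2024, 2, 3), "com.example.acetrade", "trade.bitflyer-ex.example"),
    Observation(date(2024, 1, 12), "com.example.okwallet", "api.okwallet.example"),
    Observation(date(2024, 2, 5), "com.example.okwallet", "api.okwallet.example"),
]

if __name__ == "__main__":
    for finding in backend_switches(SAMPLE, APPROVAL):
        print(finding)
```

The switch check deliberately keys on the registrable domain rather than the full host, so ordinary subdomain changes on the same backend are not reported; the brand check treats an exact match with the genuine domain as legitimate and only flags embedded or near-miss spellings.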


Pig butchering has become a lucrative line of work for scammers because of the high returns it produces in a short time.

That return has motivated them to invest the time and effort needed to build trust with potential victims through extensive, prolonged communication.

Having won the trust of their marks, the scammers carry out the scheme and walk away with substantial sums.

The elaborate process of building a relationship with the victim, the initial payment, and the convincingly designed interface of the fake application together make the scam hard to identify: even a victim who has suspicions struggles to confirm them against a polished trading interface.

Experts add that the rise of "FinTech" has normalized people's trust in the software tools they use, which lends these apps a sense of legitimacy, especially when they are installed from official stores such as Apple's and Google's.

Experts recommend the following:-

  • Do not download apps from unknown sources, but remember that both apps in this case passed official store review, so an official-store listing is not on its own proof of legitimacy.
  • Always check the reviews of an app before installing it.
  • Read the privacy policy properly.
  • Verify the authenticity of the developer or publisher by checking their details.
  • Look for independent details about the company behind the app.


Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
