Beware: Malicious Apps On Apple & Google Play Push Users into Fake Investments

Threat actors managed to get two fraudulent applications published on the app stores run by Google and Apple. These apps then induced users into making fake cryptocurrency investments.

The cybersecurity experts at Sophos uncovered the two fraudulent apps, named:-

  • Ace Pro (malicious app in Google Play)
  • MBM_BitScan (malicious app in the Apple App Store)

These deceptive apps are part of a scamming scheme now commonly referred to as “pig butchering,” in which the scammers first establish a connection with the victims, then get them to download an app, and ultimately convince them to deposit money into it.

Cybercriminals employ a variety of tactics to deceive victims and steal their personal information or money. One such method is the use of fake websites, malicious advertising, and social engineering. 

The scammers create these fraudulent websites and advertisements to lure unsuspecting victims into giving away their sensitive information or downloading malware onto their devices.

Luring via Dating Apps

Another common tactic is to add fake applications to official app download platforms, which makes it easier for the scammers to gain the trust of their victims.

Cybercriminals are using social media platforms such as Facebook and dating apps like Tinder to reach potential victims and trick them into downloading fraudulent applications. These apps appear legitimate and often claim to offer investments in assets such as cryptocurrencies.

A recent study conducted by the cybersecurity firm Sophos has uncovered a sophisticated campaign orchestrated by a China-based threat group named “ShaZhuPan.” 

The findings show that this group operates with a high level of organization, using distinct teams for different tasks:-

  • Interacting with victims
  • Handling finances
  • Establishing franchises
  • Laundering money

Apparently, the fraudsters use images stolen from other social media accounts to create fake profiles on Facebook and Tinder under women's names.

These profiles are crafted to appear luxurious, with photos of upscale restaurants, luxury shops, and exotic locations meant to reflect a wealthy lifestyle.

Threat actors often employ tactics to gain the trust of their victims, and once they have established this trust, they can use it to execute their scam. In one such scam, the scammers pretend to have an uncle who works for a financial analysis firm. 

They then extend an invitation to trade cryptocurrency through an app that is available on either the Google Play Store or the Apple App Store. The victim is misled into believing that the app is legitimate and that they are making a smart investment by trading through it.

The scam involves guiding the victim through the process of making an investment. The fraudsters direct the victim to make a deposit on a reputable cryptocurrency exchange platform, such as Binance, and then transfer the funds to a seemingly legitimate app created by the fraudsters.

In the interim, the application connects to a benign server and behaves legitimately until it has passed store review.

They often disguise their malicious apps as legitimate ones, making it easier to fool victims into downloading them. After the app has passed review and been approved for release on the app stores, the developer can change the domain it connects to, pointing the app at a malicious server.

As soon as the victim launches the app, they are greeted by the malicious server’s interface for cryptocurrency trading. All of the information displayed is, however, fake, except for the deposit made by the user.

BitScan is available for both platforms and uses the same command-and-control server under different vendor names. The domain it uses impersonates bitFlyer, a legitimate Japanese crypto exchange that is not affiliated with this scam.
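As an added defender-side example (not code from Sophos or from the article), the two behaviours described above, a backend that changes only after store approval and a C2 hostname built around a real exchange's name, can be turned into simple checks over an app's network telemetry. The hostnames, timestamps and approval date are constructed; bitflyer.com is assumed to be the exchange's legitimate domain.

```python
from datetime import datetime

# Constructed sample telemetry (not real indicators): hostnames one app was seen
# contacting over time, as a mobile EDR agent or egress proxy might log them.
OBSERVATIONS = [
    ("2023-01-05T10:00:00", "api.review-stage-backend.example"),
    ("2023-01-06T09:30:00", "api.review-stage-backend.example"),
    ("2023-01-20T18:45:00", "bitflyer-trade.example"),
    ("2023-01-21T08:10:00", "bitflyer-trade.example"),
]
REVIEW_APPROVED = "2023-01-10T00:00:00"  # constructed: store approval date
# Brand the article says was impersonated, mapped to the domain legitimately
# owned by that brand (bitflyer.com is assumed to be the exchange's own domain).
KNOWN_BRANDS = {"bitflyer": {"bitflyer.com"}}


def post_review_switch(observations, approved_at):
    """Hosts first contacted only after approval: the backend was repointed."""
    cutoff = datetime.fromisoformat(approved_at)
    before = {h for ts, h in observations if datetime.fromisoformat(ts) < cutoff}
    after = {h for ts, h in observations if datetime.fromisoformat(ts) >= cutoff}
    return sorted(after - before)


def under_legit_domain(host, legit_domains):
    """True only if host is the brand's domain or a real subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in legit_domains)


def impersonating_hosts(hosts, brands=KNOWN_BRANDS):
    """Hosts carrying a brand name without being under that brand's domain."""
    flagged = []
    for host in hosts:
        h = host.lower()
        if any(b in h and not under_legit_domain(h, d) for b, d in brands.items()):
            flagged.append(host)
    return sorted(flagged)


def analyze(observations=OBSERVATIONS, approved_at=REVIEW_APPROVED):
    """Combine both checks into one verdict for the observed app."""
    switched = post_review_switch(observations, approved_at)
    return {"switched_to": switched, "impersonating": impersonating_hosts(switched)}


if __name__ == "__main__":
    print(analyze())
```

A host that is both newly contacted after approval and shaped like a brand lookalike is the strongest signal; either check alone also applies to apps whose backend moved for benign reasons, so treat hits as triage leads, not verdicts.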

Recommendation

The act of scamming individuals through pig butchering has become a lucrative endeavor for scammers due to the high profits it generates in a short amount of time. 

This has motivated these individuals to invest the necessary time and effort in building trust with their potential victims. They accomplish this by engaging in extensive communication with them. 

By gaining the trust of their marks, scammers are able to carry out their scheme successfully and walk away with substantial financial gains.

The elaborate process of building a relationship with the victim, the initial payment, and the convincingly designed interface in fake applications make it challenging for individuals to identify the scam. 

This prolonged engagement, combined with the intricate details of the fake interface, makes it difficult for the victim to detect the fraud, even if they have suspicions.

However, experts argue that the rise of “FinTech” has normalized people’s trust in the software tools they use, lending these apps a sense of legitimacy, especially when they come from real stores like Apple’s and Google’s.

These are the key things recommended by the experts:-

  • Do not download any app from unknown sources.
  • Always check the reviews of the apps before installing them.
  • Properly go through the privacy policy.
  • If needed, also verify the authenticity of the developer/publisher by checking their details.
  • Also, look for details about the company.


Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
