
Fake trading apps target cryptocurrencies on Apple and Google Play Stores

The Pig Butchering scam targets crypto users with fake trading apps on the Apple and Google Play stores. These apps, disguised as legitimate platforms, defraud investors, circumvent store controls, and exploit unsuspecting users worldwide.

Group-IB has discovered a fraud campaign targeting Apple iOS and Android users that involves fake trading apps. These apps, found on Apple's App Store and Google Play as well as on phishing sites, are part of a pig butchering scam directed at cryptocurrency investors in the Asia-Pacific, Middle East and Africa, and European regions.

Group-IB's threat intelligence and fraud protection analysts first discovered these fake mobile applications in May 2024 and have been investigating the campaign since then.

According to its report, shared with Hackread.com ahead of Wednesday's release, these applications are built for Android using a single cross-platform framework. One of them was distributed through the Google Play Store, while another targeted iOS devices.

What's worse, unlike traditional mobile Trojans, these applications did not have typical malicious features. Instead, the cybercriminals created the facade of a legitimate trading platform to defraud victims.

The fraudulent apps check the current date and time to bypass Apple's App Store checks: if it is before 00:00:00 on July 22, 2024, they launch a fake activity with mathematical formulas and graphs. Android samples are designed to display a fraudulent trading application hosted on the api.fxbrokerscc domain, which is part of a larger fraudulent infrastructure.
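A date gate like the one described above can be looked for statically during app vetting. The following is an added example, not code from Group-IB or from the apps themselves: a Python triage script that flags hard-coded dates which fall shortly after a review date and sit next to a current-time read, assuming the app's logic has been unpacked as JavaScript. The regexes, `SAMPLE_JS` and `REVIEW_DATE` are constructed for illustration.

```python
import re
from contextlib import suppress
from datetime import datetime, timedelta, timezone

# Hard-coded date literals as they appear in JavaScript bundles.
ISO_RE = re.compile(r"""["'](\d{4})[-/](\d{1,2})[-/](\d{1,2})(?:[ T]\d{2}:\d{2}(?::\d{2})?)?["']""")
CTOR_RE = re.compile(r"new Date\(\s*(\d{4})\s*,\s*(\d{1,2})\s*,\s*(\d{1,2})")
EPOCH_RE = re.compile(r"(?<![\w.])(\d{13}|\d{10})(?![\w.])")
# Reads of the current clock; a date literal next to one is a candidate gate.
CLOCK_RE = re.compile(r"Date\.now\(\)|new Date\(\s*\)")


def date_literals(line):
    """Return UTC datetimes for hard-coded dates on one line (ISO strings keep only the day)."""
    parts = [tuple(map(int, m.groups())) for m in ISO_RE.finditer(line)]
    # JavaScript's Date constructor takes a 0-based month.
    parts += [(int(y), int(mo) + 1, int(d)) for y, mo, d in CTOR_RE.findall(line)]
    out = []
    for ymd in parts:
        with suppress(ValueError):               # skip impossible dates like 2024-13-45
            out.append(datetime(*ymd, tzinfo=timezone.utc))
    for digits in EPOCH_RE.findall(line):        # 13 digits = ms, 10 digits = s
        secs = int(digits) / 1000 if len(digits) == 13 else int(digits)
        out.append(datetime.fromtimestamp(secs, timezone.utc))
    return out


def find_time_gates(source, review_date, horizon_days=365, window=2):
    """Flag dates that fall within horizon_days after review_date and sit within
    `window` lines of a clock read: behaviour may change once review is over."""
    lines = source.splitlines()
    clock_lines = [i for i, l in enumerate(lines) if CLOCK_RE.search(l)]
    limit = review_date + timedelta(days=horizon_days)
    hits = []
    for i, line in enumerate(lines):
        if any(abs(i - c) <= window for c in clock_lines):
            hits += [(i + 1, w.date().isoformat()) for w in date_literals(line)
                     if review_date < w <= limit]
    return hits


# Constructed sample resembling bundled JavaScript (not taken from a real app).
SAMPLE_JS = """\
var BUILD = "2023-11-02";
var cutoff = new Date("2024-07-22 00:00:00").getTime();
if (Date.now() < cutoff) { showScreenA(); } else { showScreenB(); }
"""
REVIEW_DATE = datetime(2024, 5, 1, tzinfo=timezone.utc)   # assumed submission date
```

A hit is a lead for manual review or for re-running dynamic analysis with the device clock moved past the flagged date; it is not proof of fraud, since licence and promotion expiry checks look the same.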

According to researchers, these fake trading and downloader apps mimic legitimate platforms and may include features such as account settings, transaction history, and stock information. Downloader apps found in the Apple App Store or distributed through phishing websites lead victims to install the fraudulent app.

Fake app in the Apple Store (left) – Fake app in the Google Play Store (Screenshot: Group-IB)

The malware family used in the pig butchering scam is UniShadowTrade, classified under the UniApp framework. The name was given by Group-IB analysts to categorize the fraudulent applications involved in the scam. The UniApp framework allows developers to build cross-platform applications with a single codebase, making it easier for fraudsters to develop and distribute malware.

What exactly is pig butchering?

Pig butchering is an infamous digital scam that involves a meticulous process of targeting victims, building trust, and ultimately scamming them out of their money.

This particular campaign follows a specific pattern: target identification via social media, nurturing and building trust through social engineering techniques, offering a seemingly lucrative investment opportunity in cryptocurrencies or other investments, encouraging a small initial investment, and building trust through small profits.

Scammers pressure their victims into making large investments and transferring funds they can't withdraw, and then disappear. This process continues until the victim is no longer able to withdraw the funds, causing significant financial losses and affecting their financial stability.

Pig butchering scams can have devastating consequences for victims. By understanding scammers' tactics and taking proactive measures, you can reduce your risk of falling victim to such a scam.

Warning for Android and iOS users

It is a fact that Google, which owns Android, and Apple, which owns the iOS App Store, are doing their best to protect the market from malware and other cybersecurity threats. Despite constant monitoring, cybercriminals often sneak into these stores with malicious apps and raid the bank accounts and crypto wallets of unsuspecting users.

Just last week, Google approved a crypto drainer app on the Play Store that stole over $70,000 from Android users. Meanwhile, in February 2024, Apple approved a fake LastPass password manager app on its iOS App Store. That same month, Apple approved a fake Rabby Wallet app that stole millions from unsuspecting users.

Therefore, be particularly careful when downloading an app from one of these stores. Check their reviews, search for the official app on Google, find their social media platforms and confirm whether the app advertised in app stores is legitimate or not.
