Disguised under popular brand names, 167 fake applications for trading and cryptocurrency were scamming people out of their money – until Sophos researchers exposed them and published a report detailing the extent of the scam.
The researchers explained that the attackers camouflaged these apps to look like trusted trading platforms. The scam involved fake websites, fraudulent App Store download pages, and other social engineering techniques.
The oversight that allowed the researchers to discover the scam was that the attackers used a single server to host many of these apps. What’s more, the “live chat” option on the fraudulent platforms gave the researchers the same answers, even though the apps used were different. This also raises the question of whether this was orchestrated by a single actor or many.
The scam ran on multiple levels. First, the scammers would befriend people on social media apps to get them to install these fake platforms and deposit money through them. Once the target considered withdrawing funds or closing the account with a particular app, the attackers would block them from doing so.
Other cases included creating a bogus website for an official financial institution with a download link for a fake app. The scammers even created fake App Store download pages and set up customer reviews so that everything would seem to be on the level.
These malicious apps were also distributed via third-party websites made to help developers test iOS apps before selling the final product on the App Store.
The researchers urged people not to download any apps outside Google Play and the App Store and to always double-check whether a product is genuine. Installing good antivirus software is always recommended, but the key indicator should be whether something sounds too good to be true, especially when it comes to finances.