Riding on the popularity of cryptocurrency, cybercriminals are using counterfeit Android and iOS apps to lure and steal money from investors or traders. This is among the latest findings in cybersecurity firm Sophos’ latest report “Fake Android and iOS apps disguised as trading and cryptocurrency apps.”
The researchers saw fake financial apps that people normally trust. In their investigation, the Sophos researchers found that many share a lot of similarities. Some included an embedded customer support “chat” option. When researchers tried to communicate with the support teams using the chat, the replies they received used near-identical language. The researchers also uncovered a single server loaded with 167 fake trading and cryptocurrency apps.
Sophos concludes that the scams could all be operated by one group.
Keep ransomware at bay with Sophos Managed Threat Response
Sophos finds fleeceware apps ‘still exist’ in Google’s Play Store
The security researchers also believe attackers used social engineering techniques, counterfeit websites, including a fake iOS App Store download page, and an iOS app-testing website to distribute the fake apps to unsuspecting users.
“People trust the brands and people they know — or think they know — and the operators behind these fake trading and cryptocurrency scams ruthlessly take advantage of that,” said Jagadeesh Chandraiah, senior threat researcher at Sophos. “The fake applications we uncovered impersonate popular and trusted financial apps from all over the world, while the dating site sting begins with a friendly exchange of messages to build trust before the target is asked to install a fake app. Such tactics make the fraud seem very believable.”
Banking, dating apps
Banking on human vulnerability, scammers find their victims in dating apps. Through the power of social engineering, perhaps one of the oldest techniques, scammers will convince their “new friends” to install the apps, add money and cryptocurrency to a fake app.
According to Sophos, in other cases, targets were caught through websites designed to resemble that of a trusted brand, such as a bank. The operators even set up a fake “iOS App Store” download page featuring fake customer reviews in order to convince targets they were installing an app from the genuine App Store.
If people clicked on the links to download the fake apps for either Android or iOS, they received something that looked like a mobile web app, but was in fact a short-cut icon that linked to a fake website.
“To avoid falling prey to such malicious apps, users should only install apps from trusted sources such as Google Play and Apple’s app store,” Sophos researchers said. “Developers of popular apps often have a website, which directs users to the genuine app and, if they have the skills to do so, users should verify if the app they are about to install was created by its actual developer. Last, but not least, if something seems risky or too good to be true — high returns on investment or someone from a dating site asking you to transfer money or cryptocurrency assets into some ‘great’ account – then sadly it probably is.”
Sophos also advises users to install an antivirus app on their mobile device, such as Intercept X for Mobile, to protect Android and iOS devices from cyberthreats.