Sophos, a cybersecurity firm, announced on Monday that it had discovered up to 167 fake apps being used by cybercriminals to steal money from users who thought they had installed a legitimate financial trading, banking, or cryptocurrency app.
Cybercriminals used familiar social engineering tactics, counterfeit websites, and a fake iOS App Store download page, according to the cybersecurity company.
To get users to download the fake crypto apps, they used an iOS app-testing website.
The majority of the fake applications were found to be similar to one another, according to researchers.
A customer service chat feature was available in some applications.
When contacted, the replies used nearly identical language.
A single server with 167 fake trading and cryptocurrency apps was discovered by researchers.
According to Sophos, these 167 apps are controlled by a single entity or organization.
Scammers befriended users through a dating app in one of the instances.
Scammers created a profile and exchanged messages with the target before convincing them to download a fake application.
When the individual attempted to withdraw money or close the account, the scammers blocked their access to it.
Individuals were often targeted by sites that appeared to belong to legitimate brands, such as banks.
To get people to download the app, scammers also set up a fake app store download page.
The download page also included customer reviews, which were clearly fake.
When people downloaded the app, it seemed to be a mobile web app that led to a fake website.
Jagdeesh Chandraiah, senior threat researcher at Sophos, stated that people trust the brands and people they know – or think they know – and the perpetrators of these fake trading and cryptocurrency scams take full advantage of that.
The fake cryptocurrency and financial apps we discovered imitate well-known and trustworthy financial apps from around the world, while the dating site sting starts with a friendly exchange of messages to establish confidence before asking the target to install a fake app.
Such tactics lend credibility to the scam.
Users should only install apps from trusted sources such as Google’s official Play Store and Apple’s App Store, according to Chandraiah.
Users should be cautious of applications or websites that make bold statements about high returns, according to the researcher.
Don’t give out your login information to someone else on the internet.