Researchers Unearth 167 Fake iOS & Android Trading Apps
The apps are disguised as financial trading, banking, and cryptocurrency apps from well-known and trusted organizations.
Researchers have discovered 167 counterfeit iOS and Android apps stealing money from victims while disguised as popular cryptocurrency trading, stock trading, and banking apps.
The Sophos team was asked to investigate an application by someone who was a victim of a scam that started on a social media and dating website. The fraudsters tricked their target into installing a cryptocurrency trading app by sending them a link that impersonated a Hong Kong-based trading and investment firm called GoldenWay. iOS and Android options were available.
After installation, they urged the victim to purchase cryptocurrency and transfer it into their wallet; however, they blocked the victim's account when they requested to transfer the funds.
Researchers investigating this incident found hundreds of fake trading apps — each disguised as the official trading app of a financial organization — distributed using the same infrastructure.
In some cases, the schemes to distribute apps use social engineering through dating websites as well as websites spoofing actual companies. These websites brought victims to third-party sites delivering iOS mobile apps via configuration management schemes, iOS mobile device management payloads carrying "Web Clips," or Android apps, depending on the device. Attackers had unique ways of bypassing the Apple App Store and Google Play; researchers explain the technical details in a blog post.
It's believed these fraudulent applications are designed to exploit a growing interest in trading apps, driven by the recent increase in the value of cryptocurrencies and interest in low-cost or free stock trading.
Read the full report for more information.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024