The apps are disguised as financial trading, banking, and cryptocurrency apps from well-known and trusted organizations.
Researchers have discovered 167 counterfeit iOS and Android apps stealing money from victims while disguised as popular cryptocurrency trading, stock trading, and banking apps.
The Sophos team was asked to investigate an application by someone who was a victim of a scam that started on a social media and dating website. The fraudsters tricked their target into installing a cryptocurrency trading app by sending them a link that impersonated a Hong Kong-based trading and investment firm called GoldenWay. iOS and Android options were available.
After installation, they urged the victim to purchase cryptocurrency and transfer it into their wallet; however, they blocked the victim's account when they requested to transfer the funds.
Researchers investigating this incident found hundreds of fake trading apps — each disguised as the official trading app of a financial organization — distributed using the same infrastructure.
In some cases, the schemes to distribute apps use social engineering through dating websites as well as websites spoofing actual companies. These websites brought victims to third-party sites delivering iOS mobile apps via configuration management schemes, iOS mobile device management payloads carrying "Web Clips," or Android apps, depending on the device. Attackers had unique ways of bypassing the Apple App Store and Google Play; researchers explain the technical details in a blog post.
It's believed these fraudulent applications are designed to exploit a growing interest in trading apps, driven by the recent increase in the value of cryptocurrencies and interest in low-cost or free stock trading.
Read the full report for more information.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024