informa
/
Mobile
Quick Hits

Researchers Unearth 167 Fake iOS & Android Trading Apps

The apps are disguised as financial trading, banking, and cryptocurrency apps from well-known and trusted organizations.

Researchers have discovered 167 counterfeit iOS and Android apps stealing money from victims while disguised as popular cryptocurrency trading, stock trading, and banking apps.

Related Content:

7 Modern-Day Cybersecurity Realities

Special Report: Assessing Cybersecurity Risk in Today's Enterprises

New From The Edge: Cybersecurity: What Is Truly Essential?

The Sophos team was asked to investigate an application by someone who was a victim of a scam that started on a social media and dating website. The fraudsters tricked their target into installing a cryptocurrency trading app by sending them a link that impersonated a Hong Kong-based trading and investment firm called GoldenWay. iOS and Android options were available.

After installation, they urged the victim to purchase cryptocurrency and transfer it into their wallet; however, they blocked the victim's account when they requested to transfer the funds.

Researchers investigating this incident found hundreds of fake trading apps — each disguised as the official trading app of a financial organization — distributed using the same infrastructure.

In some cases, the schemes to distribute apps use social engineering through dating websites as well as websites spoofing actual companies. These websites brought victims to third-party sites delivering iOS mobile apps via configuration management schemes, iOS mobile device management payloads carrying "Web Clips," or Android apps, depending on the device. Attackers had unique ways of bypassing the Apple App Store and Google Play; researchers explain the technical details in a blog post.

It's believed these fraudulent applications are designed to exploit a growing interest in trading apps, driven by the recent increase in the value of cryptocurrencies and interest in low-cost or free stock trading.

Read the full report for more information.

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5