Researchers have discovered 167 counterfeit iOS and Android apps stealing money from victims while disguised as popular cryptocurrency trading, stock trading, and banking apps.
The Sophos team was asked to investigate an application by someone who was a victim of a scam that started on a social media and dating website. The fraudsters tricked their target into installing a cryptocurrency trading app by sending them a link that impersonated a Hong Kong-based trading and investment firm called GoldenWay. iOS and Android options were available.
After installation, they urged the victim to purchase cryptocurrency and transfer it into their wallet; however, they blocked the victim's account when they requested to transfer the funds.
Researchers investigating this incident found hundreds of fake trading apps — each disguised as the official trading app of a financial organization — distributed using the same infrastructure.
In some cases, the schemes to distribute apps use social engineering through dating websites as well as websites spoofing actual companies. These websites brought victims to third-party sites delivering iOS mobile apps via configuration management schemes, iOS mobile device management payloads carrying "Web Clips," or Android apps, depending on the device. Attackers had unique ways of bypassing the Apple App Store and Google Play; researchers explain the technical details in a blog post.
It's believed these fraudulent applications are designed to exploit a growing interest in trading apps, driven by the recent increase in the value of cryptocurrencies and interest in low-cost or free stock trading.
Read the full report for more information.