Tech

Sophos uncovers 167 fake Android and iOS trading and cryptocurrency apps

Attackers targeted users through dating sites and lured victims into installing money-stealing apps disguised as popular brands

Updated 5 years ago · Published on 19 May 2021 5:00PM

Sophos uncovers 167 fake Android and iOS trading and cryptocurrency apps
Examples of the fraudulent financial and cryptocurrency apps that look similar to the actual apps. – Pic courtesy of Sophos, May 19, 2021

SOPHOS, a global leader in next-generation cybersecurity, has identified a stash of 167 counterfeit Android and iOS apps that attackers are using to steal money from people who believe they have installed a financial trading, banking or cryptocurrency app from a well-known and trusted organization. A report on the findings, 'Fake Android and iOS apps disguised as trading and cryptocurrency apps,' shows how the attackers used social engineering techniques, counterfeit websites, including a fake iOS App Store download page, and an iOS app-testing website to distribute the fake apps to unsuspecting users.

Sophos researchers investigated the fake apps and found that many were very similar. Some included an embedded customer support 'chat' option. When researchers tried to communicate with the support teams using the chat, the replies they received used near-identical language. The researchers also uncovered a single server loaded with 167 fake trading and cryptocurrency apps. Taken together, this suggests that the scams could all be operated by the same group, according to Sophos.  

In one of the schemes investigated, the scammers befriended users via a dating app, setting up a profile and exchanging messages with individual targets before attempting to lure them into installing and adding money and cryptocurrency to a fake app. If targets later tried to withdraw funds or close the account, the attackers simply blocked their access.

In other cases, targets were caught through websites designed to resemble that of a trusted brand, such as a bank. The operators even set up a fake 'iOS App Store' download page featuring fake customer reviews in order to convince targets they were installing an app from the genuine App Store. 

If people clicked on the links to download the fake apps for either Android or iOS, they received something that looked like a mobile web app, but was in fact a short-cut icon that linked to a fake website.

The operators also distributed some of the fake iOS apps via third-party websites that help iOS developers test new applications with a limited number of Apple device users before they submit apps to the official App Store. 

“People trust the brands and people they know – or think they know – and the operators behind these fake trading and cryptocurrency scams ruthlessly take advantage of that,” said Jagadeesh Chandraiah, senior threat researcher at Sophos. “The fake applications we uncovered impersonate popular and trusted financial apps from all over the world, while the dating site sting begins with a friendly exchange of messages to build trust before the target is asked to install a fake app. Such tactics make the fraud seem very believable.

“To avoid falling prey to such malicious apps, users should only install apps from trusted sources such as Google Play and Apple’s app store. Developers of popular apps often have a web site, which directs users to the genuine app and, if they have the skills to do so, users should verify if the app they are about to install was created by its actual developer. Last, but not least, if something seems risky or too good to be true – high returns on investment or someone from a dating site asking you to transfer money or cryptocurrency assets into some ‘great’ account – then sadly it probably is.”

Sophos detects these apps as Andr/FakeApp-DC, iPh/FakeApp-DD and iPh/FakeApp-DE. 

Sophos also advises users to install an antivirus app on their mobile device, such as Intercept X for Mobile, to protect Android and iOS devices from cyberthreats.

Further information on the Android and iOS fake trading and cryptocurrency apps and other mobile threats reported on by Sophos is available at SophosLabs Uncut. – The Vibes, May 19, 2021

Related News

Community / 2w

Penang new top cop looks to AI to help fight online fraud

World / 2y

Rise of three-nation partnership to fight menace of cyber threats in region

Malaysia / 2y

What more must the authorities do to combat online scams?

Malaysia / 2y

New law on 'kill switch' takes into account action against negligent banks

Education / 2y

Kings and CSM set to drive cybersecurity education and research in the country

Malaysia / 2y

Padu security breach: Pikom urges govt to engage ‘crucial’ external expertise

Spotlight

Opinion

When bullying turns violent, Malaysia must confront what is happening inside schools

By The Vibes Says

Malaysia

Malaysia-Thailand open historic border crossing to deepen trade, regional integration

By Ian McIntyre

Malaysia

Gerak Khas drama actress, Tisha Samsir denies drug involvement

Malaysia

Student stabbing: Teenage girl sent to Hospital Bahagia for psychiatric evaluation

Malaysia

Anwar wishes Tun M a happy 101st birthday

World

Israel shares intelligence with US over alleged Iranian plot to assassinate Trump

Malaysia

EPF members withdraw RM19.87 billion from Flexible Account as of May 31

Malaysia

Melaka: Student who was allegedly bullied chases schoolmate with box cutter

World

Fresh US-Iran strikes deepen Middle East crisis as ceasefire crumbles

You may be interested

Events

HashMicro rolls out AI-powered manufacturing platform to help firms tackle rising costs, disruptions

By Alfian Z.M. Tahir

Places

Four premier hotels in Penang to be restored, open doors soon

By Ian McIntyre