Massive Fraud Campaign Exploits Fake Trading Apps and Phishing Sites

A large-scale fraud scheme has been uncovered by cybersecurity experts at Group-IB, revealing how fake trading apps on both the Apple App Store and Google Play Store, alongside phishing sites, have been used to scam victims globally. The scheme, often referred to as pig butchering, targets unsuspecting individuals by tricking them into fake cryptocurrency or financial investments after gaining their trust, usually through romantic or professional ruses.

How the Scam Works: From Romance to Financial Deception

This social engineering scam involves luring victims into fraudulent investment opportunities. The criminals behind these fake apps, posing as romantic partners or financial advisors, convince users to invest in crypto or other financial instruments. Once the money is invested, it’s virtually impossible for the victims to recover their funds. Some are asked to pay additional fees before being allowed to withdraw, but the withdrawal never happens.

The Global Reach of Fake Trading Apps

Headquartered in Singapore, Group-IB noted that this fraudulent campaign affects victims across the Asia-Pacific (APAC), Europe, the Middle East, and Africa. The malicious apps, created using the UniApp Framework, have been named UniShadowTrade by researchers. This activity has been ongoing since mid-2023, using promises of quick financial returns to lure in victims. One of the most alarming findings is that a fake app, SBI-INT, even bypassed Apple’s App Store review, giving it an illusion of legitimacy.

The app, which posed as software for mathematical formulas and 3D graphics calculations, used deceptive tactics such as triggering a fake interface if accessed before July 22, 2024. Although the app was taken down, the cybercriminals continued distributing it via phishing websites for both iOS and Android devices.

Phishing Websites and Fake App Distribution

For iOS users, the fake trading app is installed after downloading a .plist file, which requires manually trusting an Enterprise developer profile to make the app functional. Once installed, users are prompted to enter login details, including their phone number and password, followed by an invitation code, suggesting the attackers target specific victims.
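For defenders triaging a reported download page, the install path described above can be inspected statically. The following is an added example, not code from Group-IB or from the campaign: it assumes the .plist is Apple's standard over-the-air install manifest referenced through an itms-services link, and the function names, hosts and sample data are constructed for illustration.

```python
import html
import plistlib
from re import findall
from urllib.parse import parse_qs, urlparse

# Constructed samples (not from the campaign): an install link and its manifest.
SAMPLE_HTML = ('<a href="itms-services://?action=download-manifest&amp;'
               'url=https://dl.example.test/app/manifest.plist">Install</a>')
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>items</key><array><dict>
 <key>assets</key><array><dict>
  <key>kind</key><string>software-package</string>
  <key>url</key><string>https://dl.example.test/app/trade.ipa</string>
 </dict></array>
 <key>metadata</key><dict>
  <key>bundle-identifier</key><string>test.example.trade</string>
  <key>title</key><string>Example Trade</string>
 </dict>
</dict></array></dict></plist>"""

def find_manifest_urls(page):
    """Return manifest URLs from itms-services install links in HTML."""
    urls = []
    for link in findall(r"itms-services://\?[^\"'\s<>]+", page):
        query = parse_qs(html.unescape(link).split("?", 1)[1])
        if query.get("action") == ["download-manifest"]:
            urls += query.get("url", [])
    return urls

def triage_manifest(raw, trusted_hosts=()):
    """Summarise each app in a manifest and note what needs review."""
    findings = []
    for item in plistlib.loads(raw).get("items", []):
        meta = item.get("metadata", {})
        packages = [a.get("url", "") for a in item.get("assets", [])
                    if a.get("kind") == "software-package"]
        notes = []
        for url in packages:
            parts = urlparse(url)
            if parts.scheme != "https":
                notes.append("package not served over https")
            if (parts.hostname or "") not in trusted_hosts:
                notes.append(f"package host not on allow-list: {parts.hostname}")
        findings.append({"bundle_id": meta.get("bundle-identifier"),
                         "title": meta.get("title"),
                         "packages": packages, "notes": notes})
    return findings
```

Any sideloaded package whose host is not on an organisation's own distribution allow-list is worth escalating, since a legitimate consumer trading app would be installed from the App Store rather than through an Enterprise profile.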

After registration, victims are taken through a six-step process where they are asked to submit personal information, job details, and identity documents, leading them to invest in fraudulent schemes. The app is designed to display fake profits, tricking users into investing more, only to block withdrawal requests later.

Cybercriminals’ Sophisticated Tactics

The threat actors behind these scams employed sophisticated techniques, including using a configuration that links to a legitimate service, TermsFeed, for generating privacy policies. This tactic helps them avoid detection and make the scam appear more credible. The fraudulent activity includes web-based elements that further conceal the malicious intent, making it harder for traditional detection systems to flag the app as suspicious.

Group-IB also discovered additional fraudulent apps on the Google Play Store, such as FINANS INSIGHTS and FINANS TRADER6, which primarily targeted users in Japan, South Korea, Cambodia, Thailand, and Cyprus. These apps were downloaded fewer than 5,000 times, but the impact on victims has been devastating.

How to Protect Yourself from Fake Trading Apps

Cybercriminals are exploiting the trust users place in app stores like Apple's and Google's to distribute malware disguised as legitimate trading apps. Users should remain vigilant and follow these safety tips:

  • Be cautious of unsolicited messages from strangers on social media or dating platforms.
  • Verify the legitimacy of any investment platform before committing funds.
  • Thoroughly research app publishers, ratings, and user reviews before downloading apps.
  • Avoid clicking on suspicious links or installing apps from untrusted sources.

Cybersecurity experts warn that scams like these will likely continue to evolve, making it essential for users to stay informed and take proactive steps to protect their financial and personal information.
