Several counterfeit versions of popular cryptocurrency trading, stock trading and banking apps have been discovered by Sophos on iOS and Android platforms, designed to steal sensitive information. All those who download these fake apps can be potential victims of data theft. Counterfeit apps are impersonating major financial firms and popular cryptocurrency trading platforms, including Barclays, Gemini, Bitwala, Kraken, Binance, BitcoinHK, Bittrex, BitFlyer, and TDBank. Sophos found these fake apps while looking into a fraudulent mobile trading app that masqueraded as one tied to a well-known Asia-based trading company, Goldenway Group.
Sophos says that schemes to distribute these fake apps are leveraged though dating sites and social media. These apps are made cleverly to look like those belonging to the actual legitimate ones. “These websites forwarded victims to third-party sites that delivered iOS mobile applications via configuration management schemes, iOS mobile device management payloads carrying “Web Clips”, or Android apps depending on the device used, the report by Sophos notes.
The report details one victim’s misery wherein he touched base with the scammers through social media and a dating site. The scammers befriended the victim and shifted communications to a messaging app. They avoid requests for face-to-face meetings, citing the COVID-19 pandemic. After gaining trust, they then convinced the victim to download a cryptocurrency trading app, sending the victim a link. They even walked the victim through the installation process and encouraged him to buy cryptocurrency and transfer it into their wallet. After the transfer was made, the scammers blocked the victim’s account and ended communication.
The fake app that the victim was tricked to download was an impersonation of the Hong Kong-based trading and investment company called Goldenway Group. The company is aware of this scam and even has posted a warning on the company’s actual website with an alert about fraudsters scamming users with a similar named site and asks its users to steer clear of such apps.
To bypass the App Store, scammers use third-party services to deploy what’s known as a Super Signature process. This allows app developers to use Apple’s ad-hoc application distribution method to deliver applications to iOS devices—a process intended to allow developers to distribute apps directly to a limited number of devices for testing. However, it is being abused by malicious pp developers. Scammers even used the Web Clips technique to dupe iPhone customers.
To avoid falling prey to such malicious apps, practice the following guidelines.
- Users should only install apps from trusted sources such as Google Play and Apple’s App Store.
- Developers of popular apps often have a website, which directs the users to the genuine app.
- Users should verify if the app was developed by its genuine developer.
- Install an antivirus app on your mobile device.