Scammers were able to get two malicious apps onto the app stores of both Google and Apple, allowing them to trick users into investing in fake cryptocurrency. According to a report from Sophos, the apps, Ace Pro and MBM BitScan, were found on both the Play Store and App Store. This type of scam, known as 'Pig butchering', involves scammers building a relationship with victims, getting them to download an app, and then convincing them to deposit money into it.
In one case, the scammers created a fake profile of a woman living a luxurious life in London. They then asked the victim to download the Ace Pro app, which was disguised as a QR code scanner. Once downloaded, users were shown a fraudulent crypto trading platform and asked to deposit money. All of the funds went directly to the scammers. One victim, who contacted Sophos, only realized the apps were fraudulent after losing $4,000.
It was surprising that the apps made it onto the App Store, considering how difficult it usually is to get malware past Apple's security review process. This is the first time Sophos has found fraudulent apps on the App Store in their two years of investigating Pig butchering scams. Scammers previously had to go through more technical trouble to get Apple users to download fake apps, and many victims figured out something was wrong when they couldn't download an app directly. By getting an application onto the App Store, the scammers have increased their potential victim pool, as many users trust Apple. Both apps are also not affected by iOS's new Lockdown mode, which prevents scammers from loading mobile profiles.
Sophos believes the scammers were able to get past App Store security by connecting the app to a remote website with benign functionality when it was originally submitted for review. Once the app was approved, the scammers redirected it to a domain registered in an unnamed country in Asia.
The other app, MBM BitScan, is known as BitScan on Google Play. Both apps communicate with the same command-and-control infrastructure, which in turn communicates with a server that resembles a legitimate Japanese crypto firm. Both Google and Apple were notified by Sophos about the apps and both companies said they removed them. Sophos was initially alerted to the scam apps by victims, which started their two-year investigation into the trend.
Pig butchering scams have become popular among cybercriminals as online dating has grown and more people have become comfortable with sending money digitally. CryptoRom and other forms of Pig butchering initially targeted people in China and Taiwan. Over the course of the COVID-19 pandemic, the scams have spread globally and evolved into fraudulent foreign exchange and cryptocurrency trading. The scammers take advantage of lax money laundering laws and human trafficking in countries like Cambodia to staff their operations. Economic disruptions from COVID-19 have forced many people into taking job offers abroad that turned out to be fraudulent and connected to Pig butchering rings.
The victims Sophos spoke to were almost always well-educated, and many noted that their relationships with the scammers lasted months. Most victims said they had recently gone through a major life change and were emotionally vulnerable to this kind of operation.
This Cyber News was published on therecord.media. Publication date: Thu, 02 Feb 2023 13:59:03 +0000