Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process

Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam. What is new is that apps perpetrating the scam can be downloaded from the official Apple and Android app stores - giving them greater apparent validity to targets. The scam is a version of romance scam, where targets are befriended, lured in, persuaded to download a disguised malicious app, drawn into false cryptocurrency dealing, and defrauded. It's a long game social engineering scam built on trust rather than fear, greed, or urgency. When the Chinese authorities clamped down, the gangs decamped to places like Cambodia. Now, according to an analysis from Sophos, the gangs are well organized but as ugly as the scam. At the top of the hierarchy is the 'head office' which does supervision and money laundering. The scam itself is subcontracted to affiliates, which have a front desk handling staffing, a tech team handling the technology involved, and a finance team looking after the money. Profits tend to be divided 60-40 - with 40% going to the head office. At the bottom of the pile are the keyboarders who liaise with, and trick the targets. These are often victims themselves, sometimes foreigners lured into the process by the promise of earning money, and kept in the process by the threat of violence. The new danger exposed by Sophos is not the scam but the criminals' success in getting malicious apps into the official app stores. This is not uncommon with Google Play, but unusual with Apple. In two separate examples that by-passed Apple's App Store review, a legitimate-looking app initially communicates with a benign back end. Nothing malicious can be seen, so the apps passed Apple's review. Only after the app is accepted, downloaded, and launched does the developer switch domains, from the benign back end to a malicious server that delivers the malicious content. "When we originally began investigating CryptoRom scams targeting iOS users, the scammers would have to persuade users to first install a configuration profile before they could install the fake trading app," comments Jagadeesh Chandraiah, senior threat researcher at Sophos. "This obviously involves an additional level of social engineering-a level that's hard to surmount." Many potential victims would be 'alerted' that something wasn't right if they cannot directly download a supposedly legitimate app. By getting an application into the App Store, the scammers have vastly increased their potential victim pool, particularly since most users inherently trust Apple. "Both apps are also unaffected by iOS' new Lockdown mode, which prevents scammers from loading mobile profiles helpful for social engineering," continued Chandraiah. "In fact, these CryptoRom scammers may be shifting their tactics - that is, focusing on bypassing the App Store review process - in light of the security features in Lockdown." The scam still requires extensive social engineering. The victim is typically approached via a dating app, and then invited to switch the conversation to WhatsApp. The scammer or scammers used a manufactured profile of a woman based in London, with a full and compelling Facebook profile complete with professional or stolen location and lifestyle photos. "After establishing a rapport, the criminals behind the profile told the victim that 'her' uncle worked for a financial analysis firm, and invited the victim to do cryptocurrency trading together." It was at this point that the victim was introduced to the fake application in the app store. A degree of patience is still demonstrated by the attackers. Crypto investment begins slowly, and the victim can even make withdrawals from the crypto account. By the time the victim realizes that something is wrong, both the money and the scammers are gone. This scam, says the Sophos report, "Is a well-organized, syndicated scam operation that uses a combination of romance-centered social engineering and fraudulent crypto trading applications and websites to lure victims and steal their money after gaining their confidence." The worrying possibility for the future is that emerging artificial intelligence such as ChatGPT will make such detailed and professional social engineering even more compelling - and widely available to criminals less sophisticated.

This Cyber News was published on www.securityweek.com. Publication date: Mon, 06 Feb 2023 11:54:03 +0000


Cyber News related to Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process

Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam. What is new is that apps perpetrating the scam can be downloaded from the official Apple and Android app stores - giving them greater apparent validity to ...
1 year ago Securityweek.com
Fraudsters Successfully Inserted Cryptocurrency Programs into Apple and Google's App Stores - Scammers were able to get two malicious apps onto the app stores of both Google and Apple, allowing them to trick users into investing in fake cryptocurrency. According to a report from Sophos, the apps, Ace Pro and MBM BitScan, were found on both ...
1 year ago Therecord.media
Pig Butchering: Fake Trading Apps Target Crypto on Apple, Google Play Stores - Pig Butchering scam targets crypto users with fake trading apps on Apple and Google Play Stores. These apps, found on Apple’s App Store and Google Play, and on phishing sites, are part of a Pig Butchering scam targeting cryptocurrency investors ...
1 week ago Hackread.com
What Do Apple's EU App Store Changes Mean for App Developers? - In order to comply with the European Union's Digital Markets Act, Apple announced on Jan. 25 changes to its payment system for app sellers in the EU, and that it was letting go of the hold its App Store has over iOS app distribution in the EU. As ...
8 months ago Techrepublic.com
Crypto scam apps infiltrate Apple App Store and Google Play - Operators of high-yielding investment scams known as "Pig butchering" have found a way to bypass the defenses in Google Play and Apple's App Store, the official repositories for Android and iOS apps. Pig butchering scams have been happening for a few ...
1 year ago Bleepingcomputer.com
ChatGPT Clone Apps Collecting Personal Data on iOS, Play Store - On Android devices, one of the apps analyzed by researchers has more than 100,000 downloads, tracks, and shares location data with ByteDance and Amazon, etc. ChatGPT, the AI software, has already taken the Internet by storm, and that is why ...
1 year ago Hackread.com
Fake app impersonating LastPass spotted in Apple's App Store The Register - LastPass says a rogue application impersonating its popular password manager made it past Apple's gatekeepers and was listed in the iOS App Store for unsuspecting folks to download and install. A screenshot of the fake LastPass app in the Apple App ...
8 months ago Go.theregister.com
Fake LastPass password manager spotted on Apple's App Store - LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. The fake app uses a similar name to the genuine app, a similar icon, and a red-themed interface ...
8 months ago Bleepingcomputer.com
PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions - A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of ...
1 year ago Thehackernews.com
Apple blocked $7 billion in fraudulent App Store purchases in 4 years - Apple's antifraud technology has blocked more than $7 billion in potentially fraudulent transactions in four years, the company states in its latest annual fraud prevention analysis. From 2020 through 2023, the company also detected more than 14 ...
4 months ago Bleepingcomputer.com
The Limitations of Google Play Integrity API - This overview outlines the history and use of Google Play Integrity API and highlights some limitations. We also compare and contrast Google Play Integrity API with the comprehensive mobile security offered by Approov. Google provides app attestation ...
9 months ago Securityboulevard.com
Data Insecurity: Experts Sound the Alarm on 4 Apps Putting User Privacy at Risk - Even though many of us rely on apps to entertain us, guide us, manage our exercise, and connect with family and friends, they are notoriously hard to trust. In an age when technology is constantly evolving, it is almost impossible to tell if a ...
9 months ago Cysecurity.news
Fake Ledger Live app in Microsoft Store steals $768,000 in crypto - Microsoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets. Published with the name Ledger Live Web3, the fake application ...
10 months ago Bleepingcomputer.com
SpyLoan Android malware on Google Play downloaded 12 million times - More than a dozen malicious loan apps, which are generically named SpyLoan, have been downloaded more than 12 million times this year from Google Play but the count is much larger since they are also available on third-party stores and suspicious ...
10 months ago Bleepingcomputer.com
Google Online Security Blog: I/O 2024: What's new in Android security and privacy - As their tactics evolve in sophistication and scale, we continually adapt and enhance our advanced security features and AI-powered protections to help keep Android users safe. Today, we're announcing more new fraud and scam protection features ...
4 months ago Security.googleblog.com
Over 90 malicious Android apps with 5.5M installs found on Google Play - Over 90 malicious Android apps were found installed over 5.5 million times through Google Play to deliver malware and adware, with the Anatsa banking trojan seeing a recent surge in activity. Anatsa is a banking trojan that targets over 650 ...
4 months ago Bleepingcomputer.com
Take a Cisco Store Tech Lab Tour - Around 7,100 visitors came through the Cisco Store, and 396 attendees participated in 23 tours. We walked attendees through key highlights of our Tech Lab, demonstrating how multiple products can work together. We started at our grid wall, displaying ...
6 months ago Feedpress.me
Ushering in the Next Phase of Mobile App Adoption: Bolstering Growth with Unyielding Security - In recent years, mobile apps have surged in popularity providing consumers with instant access to a variety of life essentials such as finances, education, and healthcare to life's pleasures such as shopping, sports, and gaming. With the popularity ...
9 months ago Cyberdefensemagazine.com
Halting Hackers on the Holidays 2023 Part II: The Apps You Trust - Most free flashlight apps are creepware - also known as malware that spies on you and your online behavior and could pass along information to others. The problem doesn't begin and end with flashlight apps, though. Many seemingly innocuous apps that ...
9 months ago Cyberdefensemagazine.com
Android 15, Google Play get new anti-malware and anti-fraud features - Today, Google announced new security features coming to Android 15 and Google Play that will help block scams, fraud, and malware apps on users' devices. Announced at Google I/O 2024, the new features are designed not only to help end users but also ...
4 months ago Bleepingcomputer.com
Are you sure that online store is real? You might be surprised - The rise of user-friendly online store platforms, originally designed to simplify launching digital storefronts, has unintentionally contributed to this problem. These scam artists have a worldwide presence, launching numerous fake stores in various ...
9 months ago Blog.avast.com
New Xamalicious Android malware installed 330k times on Google Play - A previously unknown Android backdoor named 'Xamalicious' has infected approximately 338,300 devices via malicious apps on Google Play, Android's official app store. McAfee, a member of the App Defense Alliance, discovered 14 infected apps on Google ...
9 months ago Bleepingcomputer.com
Epic Games Wins: Historic Decision Against Google in App Store Antitrust Case - The conflict between tech behemoths Google and Apple and Fortnite creator Epic Games is a ground-breaking antitrust lawsuit that has rocked the app ecosystem. An important turning point in the dispute occurred when a jury decided to support the ...
9 months ago Cysecurity.news
Android App Security Alert: Proactive Measures to Prevent Unauthorized Control - The latest security alert comes from Microsoft's team who discovered a new vulnerability that may give hackers complete control of your smartphone. The latest security alert is triggered by the discovery of a new security flaw which can allow hackers ...
5 months ago Cysecurity.news
Big Tech to EU: "Drop Dead" - There's just one wrinkle: the Big Tech companies don't want that future, and they're trying their damndest to strangle it in its cradle. Right from the start, it was obvious that the tech giants were going to war against the DMA, and the freedom it ...
4 months ago Eff.org

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)