British cybersecurity software and hardware company Sophos Group has identified 167 counterfeit Android and iOS apps used by attackers to steal money from people who believe they have installed a financial trading, banking or cryptocurrency app from a trusted organisation.
According to a report published by the company, attackers used familiar social engineering techniques, counterfeit websites, and a fake iOS App Store download page. They also used an iOS app-testing website to get users to download the fake applications.
Sophos researchers discovered that most of these fake apps were similar to each other. Some included an embedded customer support chat option. When contacted, they used near-identical languages too. The researchers also uncovered a single server loaded with 167 fake trading and cryptocurrency apps.
Sophos believes that the scams could all be operated by the same group.
In one of the schemes investigated, the scammers befriended users via a dating app, setting up a profile and exchanging messages with individual targets before attempting to lure them into installing and adding money and cryptocurrency to a fake app. If targets later tried to withdraw funds or close the account, the attackers blocked their access.
In other cases, targets were caught through websites designed to resemble that of a trusted brand, such as a bank. The operators even set up a fake iOS App Store download page featuring fake customer reviews in order to convince targets they were installing an app from the genuine App Store. When individuals downloaded the app, it opened as a mobile web app and was a shortcut to a fake website.
Sophos detects these apps as Andr/FakeApp-DC, iPh/FakeApp-DD and iPh/FakeApp-DE. It also advises users to install an antivirus app on their mobile device, such as Intercept X for Mobile, to protect Android and iOS devices from cyberthreats.
“People trust the brands and people they know – or think they know – and the operators behind these fake trading and cryptocurrency scams ruthlessly take advantage of that,” said Jagadeesh Chandraiah, senior threat researcher at Sophos.
“The fake applications we uncovered impersonate popular and trusted financial apps from all over the world, while the dating site sting begins with a friendly exchange of messages to build trust before the target is asked to install a fake app. Such tactics make the fraud seem very believable,” he added.
Abingdon, Oxfordshire headquartered Sophos, founded in 1985, claims to protect over 400,000 organisations of all sizes in over 150 countries from the most advanced cyber threats currently. It sells its products and services through a global channel of over 53,000 partners and managed service providers (MSPs). In December 2020, it launched datasets, tools and methodologies across four areas of artificial intelligence (AI) developments.