The Pig Butchering scam targets crypto users with fake trading apps on the Apple Store and Google Play Store. These apps masquerade as legitimate platforms to deceive investors, bypass store checks, and exploit unsuspecting users around the world.
Fraudulent campaign targeting Apple iOS and Android users A fake trading app was involved and was discovered by GroupIB. These apps can be found on Apple's App Store, Google Play, and phishing sites and are part of a pig-butchering scam targeting crypto investors in the Asia Pacific, Middle East, Africa, and Europe regions.
Group-IB threat intelligence and fraud prevention analysts first discovered these fake mobile applications in May 2024 and have been investigating this campaign ever since.
According to them, report The applications, shared with Hackread.com ahead of Wednesday's launch, were developed for Android using a single cross-platform framework. One was distributed through the Google Play Store and the other was targeted at iOS devices.
What's worse, unlike traditional mobile Trojans, these applications lack typical malicious functionality and cybercriminals create a facade of a legitimate trading platform to deceive their victims. I did.
The malicious app bypasses Apple's App Store checks by checking the current date and time, and if it is before 00:00:00 on July 22, 2024, it launches a fake activity using math formulas and graphics. Masu. The Android sample is designed to display a fraudulent trading application hosted on the api.fxbrokerscc domain that is part of a larger fraudulent infrastructure.
According to researchers, these fake trading and downloader apps mimic legitimate platforms and may include features such as account settings, trading history, and stock information. Downloader apps found in the Apple App Store or distributed through phishing websites prompt victims to install fraudulent apps.
The malware families used in the pig butchering scam are: UniShadowTradewhich falls under the UniApp framework. This name was given by Group-IB analysts to categorize the fraudulent applications involved in the scam. FYI, the UniApp framework allows developers to create cross-platform applications with a single codebase, making it easier for fraudsters to develop and distribute malware.
What exactly is pig butchering?
for your information, butchering a pig is a notorious digital scam that involves an elaborate process of grooming victims, building their trust, and ultimately swindling them out of their money.
This particular campaign follows a specific pattern. This means identifying targets through social media, grooming and building trust through social engineering techniques, offering seemingly lucrative investment opportunities in cryptocurrencies and other investments, encouraging small initial investments, and building trust with small profits. It's a construction.
Scammers force victims to invest large amounts of money, make them transfer funds that cannot be withdrawn, and then disappear. This process continues until the victim is unable to withdraw funds, causing severe financial losses and affecting their financial stability.
Nevertheless, pig butchering scams can have devastating consequences for victims. By understanding scammers' tactics and taking proactive steps, you can reduce your risk of falling victim to such scams.
Warning for Android and iOS users
It's true that Google, which owns Android, and Apple, which owns the iOS App Store, are doing their best to protect their markets from malware and other cybersecurity threats. Despite constant monitoring, cybercriminals infiltrate these stores with malicious apps and drain unsuspecting users' bank accounts and cryptocurrency wallets.
Just last week, Approved by Google Cryptocurrency draining app on Play Store that stole over $70,000 from Android users. on the other hand, in February 2024Apple has approved a fake LastPass Password Manager app in the iOS App Store. That same month, Apple Fake Rabby Wallet app It stole millions of dollars from unsuspecting users.
Therefore, be especially careful when downloading apps from these stores. Check reviews, search for official apps on Google, find social media platforms, and see if the apps promoted in the app store are genuine.
Related topics
- Phishing scam hits European bank users on iOS and Android
- Scylla ad fraud on iOS, Android users stopped by Apple and Google
- Pink Dreyner steals $3 million from Twitter users by posing as a journalist
- Hackers posing as Google Support steal $243 million in cryptocurrencies
- Apple mistakenly approves malware masquerading as Adobe Flash Player
