Sophos discovers 167 fake Android and iOS trading and cryptocurrency apps

Cybersecurity firm Sophos on Monday said it had discovered a stash of as many as 167 counterfeit apps that were being used by cybercriminals to steal money from users who believed they had installed a legitimate financial trading, banking or cryptocurrency application.

According to the cybersecurity firm, cybercriminals used familiar social engineering techniques, counterfeit websites, and a fake iOS App Store download page. They also used an iOS app-testing website to get users to download the fake applications.


Researchers discovered most of these fake applications were identical to each other. Some apps came with a customer support chat option. When contacted, the support chats used near-identical language as well. Researchers discovered a single server with 167 fake trading and cryptocurrency apps. Sophos believes these 167 apps are run by a single entity or group.



A counterfeit website posing as one for Kraken Digital Asset Exchange, one of the largest and oldest cryptocurrency trading sites. (Sophos)

In one of the cases, scammers befriended users through a dating app. Scammers set up a profile and exchanged messages with an individual before getting them to download a fake application. When the individual tried to withdraw money or close the account, the scammers simply shut off their account access.

Similarly, individuals were targeted through sites that looked identical to a legitimate brand, such as a bank. Scammers even set up a fake app store download page to get individuals to download the app. The download page also featured customer reviews, which obviously were fake. When individuals downloaded the app, it opened as a mobile web app and was a shortcut to a fake website.


“People trust the brands and people they know – or think they know – and the operators behind these fake trading and cryptocurrency scams ruthlessly take advantage of that,” said Jagadeesh Chandraiah, a senior threat researcher at Sophos. “The fake applications we uncovered impersonate popular and trusted financial apps from all over the world, while the dating site sting begins with a friendly exchange of messages to build trust before the target is asked to install a fake app. Such tactics make the fraud seem very believable.”

Chandraiah suggests users should install an application only from trusted sources such as Google’s official Play Store and Apple’s App Store. The researcher also asked users to be cautious of apps or websites that make tall claims of giving high returns. Avoid sharing credentials with anyone else on the web.