New research conducted by cybersecurity company Group-IB has revealed that cybercriminals have been using fake trading apps as part of a global “pig butchering” campaign to deceive unsuspecting individuals.
Pig butchering is a type of investment fraud where scammers convince victims to make substantial investments on fraudulent trading platforms. This scheme, often associated with cryptocurrency and surprisingly vegan-friendly, involves scammers gaining the trust of their victims before exploiting them for their investments. According to researchers at the University of Texas at Austin, pig butchering scammers have managed to steal over $75 billion from victims in the past four years.
Since May, Group-IB analysts have identified several fake mobile applications posing as trading platforms on the Google Play and Apple App Store as part of this global scheme. These fraudulent apps, classified by the cybersecurity company as part of the UniShadowTrade malware family, were created using the UniApp Framework.
Although Group-IB was unable to determine the exact method cybercriminals use to target their pig butchering victims, the report suggests that social engineering tactics on dating and social networking platforms are likely involved. By establishing a relationship with their victims, malicious actors can persuade them to download seemingly legitimate apps to carry out their fraudulent activities.
One example of a fake app uncovered by Group-IB tricked users with a description claiming it could assist with “algebraic mathematical formulas and 3D graphics volume area calculations.” Once users downloaded the app, they were prompted to create an account and provide sensitive information, followed by a request to make a deposit. The cybercriminal then coerces the victim into making further investments on the platform, which they are ultimately unable to withdraw.
Although the app has been removed from the App Store, Group-IB reports that cybercriminals are circulating it to Apple and Android users through phishing websites.
Another fraudulent app identified by Group-IB on the Google Play Store pretended to be an app providing stock-related news. This app amassed over a thousand downloads before being removed from the store.
Group-IB has stated that pig butchering victims have been identified across the Asia-Pacific, European, and Middle East and Africa regions.
This new tactic discovered by Group-IB is just one of many strategies employed by malicious actors to carry out investment-related crimes. Previous reports from IT Brew have highlighted cybercriminals directing victims to local Bitcoin ATMs to drain their accounts secretly and impersonating the web pages of popular retail brands in crypto fraud schemes.
For more insights from Morning Brew, visit their website.