Several counterfeit versions of popular cryptocurrency trading, stock trading & banking apps are discovered by Sophos on iOS & Android platforms, designed to steal sensitive information. All those people download these fake apps are often potential victims of data theft. Counterfeit apps are impersonating major financial firms & popular cryptocurrency trading platforms, including Barclays, Gemini, Bitwala, Kraken, Binance, BitcoinHK, Bittrex, BitFlyer, & TDBank. Sophos found these fake apps while looking into a fraudulent mobile trading app that masqueraded together tied to a well known Asia-based trading company, Goldenway Group.
Sophos says that schemes to distribute these fake apps are leveraged though dating sites & social media. These apps are made cleverly to seem like those belonging to the particular legitimate ones. “These websites forwarded victims to third-party sites that delivered iOS mobile applications via configuration management schemes, iOS mobile device management payloads carrying “Web Clips”, or Android apps counting on the device used, the report by Sophos notes.
The report details one victim’s misery wherein he touched base with the scammers through social media & dating site. The scammers befriended the victim & shifted communications to a messaging app. They avoid requests for face-to-face meetings, citing the COVID-19 pandemic. After gaining trust, they then convinced the victim to download a cryptocurrency trading app, sending the victim a link. They even walked the victim through the installation process and encouraged him to shop for cryptocurrency and transfer it into their wallet. After the transfer was made, the scammers blocked the victim’s account and ended communication.
The fake app that the victim was tricked to download was an impersonation of the Hong Kong-based trading and investment trust called Goldenway Group. the corporate is conscious of this scam & even has posted a warning on the company’s actual website with an alert about fraudsters scamming users with an identical named site and asks its users to steer beyond such apps.
To bypass the App Store, scammers use 3rd party services to deploy what’s referred to as an Super Signature process. this enables app developers to use Apple’s ad-hoc application distribution method to deliver applications to iOS devices—a process intended to permit developers to distribute apps on to a limited number of devices for testing. However, it’s being abused by malicious pp developers. Scammers even used the online Clips technique to dupe iPhone customers.
To avoid falling prey to such malicious apps, practice the subsequent guidelines.
1. Users should only install apps from trusted sources like Google Play & Apple’s App Store.
2. Developers of popular apps often have an internet site , which directs the users to the real app.
3. Users should verify if the app was developed by its genuine developer.
4. Install an antivirus app on your mobile device.
