Cybercriminals are using fake trading apps to defraud unsuspecting individuals as part of a global “pig butchering” campaign, according to new research from cybersecurity firm Group-IB.
Pig butchering is a form of investment fraud where scammers persuade victims to invest large sums of money on fake trading platforms. The scheme, commonly associated with cryptocurrencies and surprisingly vegan-friendly, shows how scammers build trust with their victims before draining them of their investments. This ruse has proven to be a lucrative cyberthreat, with researchers at the University of Texas at Austin estimating that pig butchers have stolen more than $75 billion from victims over the past four years.
Since May, Group-IB analysts have identified multiple fake mobile applications on Google Play and the Apple App Store posing as trading platforms and being used as part of a global scheme. The Russian-founded cybersecurity company, which moved its headquarters to Singapore in 2019, classified the malicious app as a member of the UniShadowTrade malware family and said the mobile application was built using the UniApp framework.
Hood wink! Group-IB could not pinpoint exactly how cybercriminals target pig butchering victims, but the report suggests it may be through social engineering tactics on dating and social networking platforms. It is suggested that it is the highest. After building a relationship with a victim, a malicious attacker can convince the victim to download a seemingly legitimate application in order to carry out a crime.
One example of a fake app discovered by Group-IB fooled users with a description that claimed it could be used to “calculate volumetric areas in algebraic formulas and 3D graphics.” Users who downloaded the app were asked to create an account and disclose sensitive information before being directed to make a deposit. Cybercriminals can then convince victims to continue investing on the platform, but victims will not be able to withdraw their funds.
The app has since been removed from the App Store, but Group-IB claims that cybercriminals continue to distribute the app to both Apple and Android users through phishing websites.
Another fake app discovered by Group-IB on Google Play Store pretended to be an application to share stock-related news. The app racked up more than 1,000 downloads before being removed by the app store.
Group-IB claims it has been able to identify victims of pig slaughter across the Asia-Pacific, Europe, Middle East and Africa regions.
Zoom out. This recently discovered tactic joins a number of strategies used by malicious actors to commit investment-related crimes. IT Brew previously reported that as part of a cryptocurrency fraud scheme, cybercriminals send victims to local Bitcoin ATMs to secretly compromise their accounts and impersonate webpages from popular retail brands. I did.
Read more about Morning Brew
