Cybercriminals operating crypto scam apps have found a way to bypass security protocols on Apple's and Google's official app stores to publish fraudulent apps, according to a report from cybersecurity firm Sophos.
Threat actors are remotely changing content so that fake apps slide through the official review process of the Apple and Google app stores; the published apps are then used to execute CryptoRom scams, also known as “pig butchering”.
This type of fraud combines social engineering with fraudulent finance apps and websites to target victims, the report said.
While the scam was earlier deployed from outside official app stores, scammers are now using remote content to provide code that allows fraudulent apps to appear legitimate to app store reviewers. Once the app is approved, they change the code to deliver the fake CryptoRom trading interface.
It is likely that the criminals use a legitimate-looking site for responses at the time of app review to avoid scrutiny, the report said.
Researchers at Sophos observed apps named “Ace Pro” and “MBM_BitScan” on the Apple App Store and “BitScan” on the Play Store, which were being used to execute the scam.
CryptoRom, or “pig butchering”, has been happening for a few years: scammers use Facebook or Tinder to convince victims to download fraudulent apps and “invest” amounts in assets purported to be genuine.
Once scammers get victims to invest, they convince the victim to transfer their funds to a fraudulent app. Scammers allow victims to withdraw small amounts in the beginning, but then lock their accounts and vanish when the larger amounts are transferred.
And because these apps are only downloaded by a small number of targeted users, they are able to avoid scrutiny and remain undetected.
Sophos observed that with the emergence of FinTech, people's use of software tools has increased, and with fraudulent apps bypassing official Apple and Google store reviews, victims are even more at risk.
Apple's and Google's security teams have removed the fraudulent apps since being notified. However, since there may be other existing fraudulent apps, users are advised to be cautious when downloading apps via email or messaging links and to report suspicious apps to ensure cyber security.
Both Apple and Google have been notified about these apps. Apple’s security team promptly removed them from that app store. Google recently removed the app we reported from the Play store as well.