Fake trading platforms appear in app stores carrying no malware, which lets them get past safety checks and lets hackers take large amounts of money.
“Pig butchering” is a sophisticated scam in which scammers manipulate victims into falling for complex investment schemes, usually involving bitcoin or other financial instruments. The cybercriminals typically spend weeks or even months winning the victim’s trust by claiming to be investing or trading experts.
A single cross-platform development framework was used to create each of these Android applications. A similar app aimed at iOS devices was uncovered soon after, and one of the apps was made available via the official Google Play store.
These kinds of frauds are commonly referred to as “pig butchering,” a term for scams in which hackers trick people into falling for fake investment schemes. It can take weeks or even months for the fraudsters to establish trust and obtain large “investments” from victims, and those investments only seem to increase on the fake platform.
The official Google Play Store and Apple App Store offer the apps for download. The UniApp Framework, which is utilised in their construction, enables cross-platform code sharing. Given that there are versions in Hindi, Chinese, Portuguese, English, and other languages, the scammers have even considered localisation.
As previously mentioned, it is possible that the scammers depended on social engineering through channels like dating apps or social networks.
The software requests that users register by uploading a passport or ID card along with other supporting documentation, entering personal and employment-related facts, and accepting a number of terms and conditions as well as risk warnings.
The application cannot be opened right away once the download is finished. The hackers then direct the user to manually confirm that the Enterprise developer profile is genuine. After completing this stage, the fake application starts to function.
The scam’s domains seem to be a part of a wider fake network, with other fake domains copying financial organisations and registered under similar names.
“Using web-based applications increases the secrecy of criminal activities and complicates detection. This emphasises how crucial it is to be attentive and educate end users, especially when using apps that appear reliable,” according to the researchers.
Every Android package that was found used the same package names: com.finans.trader or com.finans.insights. JavaScript code was used to implement the main functionality of these applications, which were constructed using the UniApp framework.
The list of names that they could be copying that was found in the program is below: