spot_img

HinduPost is the voice of Hindus. Support us. Protect Dharma

Will you help us hit our goal?

spot_img
Hindu Post is the voice of Hindus. Support us. Protect Dharma
23.5 C
Sringeri
Friday, March 29, 2024

Scammers operating investing scams infiltrate Apple App Store, Google Play

Scammers operating high-yielding investing scams called “pig butchering” have found a way to compromise Google Play and Apple’s App Store, the official repositories for Android and iOS apps.

Pig butchering scams are those which involve fake websites, malicious advertising, and social engineering.

By adding fraudulent apps to official download platforms, scammers can gain a victim’s trust easier, reports BleepingComputer.

According to cybersecurity company Sophos researchers, scammers are targeting victims on Facebook or Tinder and convincing them to download the fraudulent apps and “invest” large sums of money in assets that appear to be real.

The cybersecurity firm observed that the campaign was undertaken by a China-based threat group named “ShaZhuPan,” which shows high organisational levels with distinct teams engaged in victim interactions, finance, franchise, and money laundering, according to the report.

The fraudsters appear to target male users over Facebook and Tinder using women’s profiles with stolen images from other social media accounts.

Moreover, the report mentioned that the scammers after gaining the victims’ trust, claim to have an uncle who works for a financial analysis firm and invite them to trade cryptocurrency through an app available on the Google Play or Apple App Store.

Sophos discovered malicious apps called “Ace Pro” and “MBM BitScan” on the Apple App Store, and “BitScan” on the Google Play Store, which was used in the campaign.

The apps let the victim withdraw small amounts of cryptocurrency initially but then lock their accounts when larger amounts are involved.

Furthermore, in order to gain access to the App Store, the ShaZhuPan gang submits an app signed with a valid Apple certificate, which is a requirement for any code to be accepted into the iOS repository.

Until the app receives approval, it connects to a harmless server and behaves normally, said the report.

When the app passes the review, the developer changes the domain and connects to a malicious server.

Upon launching the app, the victim sees a cryptocurrency trading interface delivered by the malicious server; however, everything displayed is fake, except for the user’s deposit, the report added.

(The story has been published via a syndicated feed.)

Subscribe to our channels on Telegram &  YouTube. Follow us on Twitter and Facebook

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles

Sign up to receive HinduPost content in your inbox
Select list(s):

We don’t spam! Read our privacy policy for more info.

Thanks for Visiting Hindupost

Dear valued reader,
HinduPost.in has been your reliable source for news and perspectives vital to the Hindu community. We strive to amplify diverse voices and broaden understanding, but we can't do it alone. Keeping our platform free and high-quality requires resources. As a non-profit, we rely on reader contributions. Please consider donating to HinduPost.in. Any amount you give can make a real difference. It's simple - click on this button:
By supporting us, you invest in a platform dedicated to truth, understanding, and the voices of the Hindu community. Thank you for standing with us.