Security News > 2023 > February > Crypto scam apps infiltrate Apple App Store and Google Play
Operators of high-yielding investment scams known as "Pig butchering" have found a way to bypass the defenses in Google Play and Apple's App Store, the official repositories for Android and iOS apps.
After gaining the victims' trust, the scammers say that they have an uncle working for a financial analysis firm and launch an invitation to trade cryptocurrency via an app on Play Store or App Store.
The malicious apps used in the campaign that Sophos observed are named "Ace Pro" and "MBM BitScan" on the Apple App Store and "BitScan" on Play Store.
For infiltrating the App Store, the ShaZhuPan gang submits an app signed with a valid certificate issued by Apple, a requirement for getting any code to be accepted into the iOS repository.
Because these apps are only downloaded by a small number of targeted users, they're not massively reported for fraud, making it hard for app store security reviewers to identify them as fraudulent and remove them.
Sophos also points out that the emergence of "FinTech" has normalized people's trust in these software tools and when the apps are sourced from official Apple and Google stores, the sense of legitimacy is high.
News URL
Related news
- Google Play, Apple App Store apps caught stealing crypto wallets (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play (source)
- ⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More (source)
- Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes (source)
- Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts (source)
- Crypto-stealing apps found in Apple App Store for the first time (source)
- Indian authorities seize loot from collapsed BitConnect crypto scam (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- ⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple’s Data Dilemma (source)