Trading apps target iOS and Android users in Pig Butchering scam

A sophisticated fraud campaign targeting Apple iOS and Android users has been uncovered, involving fake trading apps designed to deceive cryptocurrency investors. The campaign has been found to exploit both Apple’s App Store and Google’s Play Store, as well as phishing websites, to propagate these fraudulent applications targeting Asia-Pacific, the Middle East, Africa, and Europe.

An investigation by cyber security experts revealed that the fraudulent apps imitate legitimate trading platforms, creating a polished facade to lure victims. The apps do not possess typical malware features, allowing them to evade detection by app store checks.

For iOS users, the apps cleverly check the current date and time to bypass Apple’s security checks. If activated before July 22, 2024, they will launch a fake display of mathematical formulas and graphics.

For Android users, these apps direct victims to a fraudulent trading interface hosted on the domain api.fxbrokerscc, part of a broader infrastructure supporting the scam.

The scam works in six stages. | Source: Group IB

The Pig Butchering scam is a highly organised digital fraud that follows a familiar yet devastating pattern. Scammers use social engineering tactics to groom their victims, establishing trust through social media and messaging platforms. They entice victims with lucrative investment opportunities, usually in cryptocurrency, initially encouraging small investments to gain confidence.

Once the victim is hooked, scammers push for larger investments, ultimately locking the victim’s funds in accounts they can no longer access. By the time victims realise the deception, their financial stability has been compromised, and many have lost substantial amounts of money.

Researchers identified the malware family behind this Pig Butchering campaign as UniShadowTrade, which is built with the UniApp framework. This framework allows developers to create cross-platform applications from a single codebase, which scammers have exploited to distribute malicious apps rapidly.

A sample of a phishing website luring victims to download malicious applications. | Source: Group IB

These apps often feature functionalities mimicking legitimate trading platforms, such as account settings, transaction histories, and stock information, adding to their deceptive appeal.

A notable feature of the scam involves downloader apps that appear on the Apple App Store or through phishing links. Once downloaded, these apps prompt users to install the fraudulent trading app, which further enables fraudsters to access victims’ funds.

Researchers have cautioned individuals to always verify app legitimacy by checking reviews, searching for official websites, and cross-referencing the apps or platforms’ social media profiles.

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
