- As cryptocurrency adoption continues to grow, attackers have turned to cryptocurrency and trading apps to steal from investors.
- Sophos has identified over 167 Android and iOS apps that attackers are using to lure victims and steal money.
British cybersecurity firm Sophos has identified 167 Android and iOS trading and cryptocurrency apps being used by attackers to steal from investors. As the market frenzy grows, unsuspecting traders are downloading disguised financial trading, banking or cryptocurrency apps, expecting to use them to make money. Attackers have found it easy, with a majority of traders flocking to the cryptocurrency industry with little knowledge of how it works and huge expectations after an exemplary performance in the first few months of the year.
According to Sophos, attackers have deployed different tactics to get around firewalls and bypass iOS and Android. These include creating a fake iOS App Store download page and an iOS app-testing website. In other instances, the developers leveraged social engineering through dating sites to lure in victims. In one case, the attackers befriended a user on a dating site before enticing them to download one of the fake trading apps and add funds to it.
The scammers befriended the victim and shifted communications to a messaging app. They avoided requests for face-to-face meetings, citing the Covid-19 pandemic. After gaining trust, they then convinced the victim to download a cryptocurrency trading app, sending the victim a link.
Fake cryptocurrency apps linked to the same group
Interestingly, the researchers identified a single server that hosted all 167 apps, which suggested to them that all these fraudulent apps belong to the same group.
The researchers advise investors to be careful about where they download apps. “Users should only install apps from trusted sources such as Google Play and Apple’s app store”, they added. They further advised against getting involved with projects that promise unrealistic returns in a short time.
If something seems risky or too good to be true – high returns on investment or someone from a dating site asking you to transfer money or cryptocurrency assets into some ‘great’ account – then sadly it probably is.
Recently, a number of UK banks halted payments to crypto exchanges in a bid to crack down on rising crypto scams. According to some reports, UK investors have lost over $65 million in the last year due to scams, with nearly half of them involving cryptocurrencies. The banks included Barclays and digital challenger banks Monzo and Starling.
The banks have made it clear that this is a temporary measure, one that will be reversed once they introduce additional measures to curb fraud. Bank of England Governor Andrew Bailey has in the past warned about engaging with cryptocurrencies, stating that anyone holding Bitcoin should be prepared to lose all their money.