Sophos, a UK based security software and hardware company has identified over 150 fraudulent Android and iOS apps intending to rob financial information as well as funds from prospective victims. Further the apps disguise to be some of the well known finance, banking and cryptocurrency apps and services which all connect to a common single server, suggesting that there is one major group linked to this fake operation.
The fraud apps are typically exploiting the current market scenario that has seen a surge in interest in trading apps owing to the mind-boggling rise in the price of some of the cryptocurrencies together with interest in free or low cost stock trading.
Sophos in its news posts said when carrying out investigation in respect of one of the apps, the security company came across a server that hosted several fraudulent banking, trading, forex and crytocurrency apps. 'Among them were counterfeit apps impersonating major financial firms and popular cryptocurrency trading platforms, including Barclays, Gemini, Bitwala, Kraken, Binance, BitcoinHK, Bittrex, BitFlyer, and TDBank. Each of these fake apps had a dedicated website tailored to the impersonated brand to better fool potential victims.', said the posts.
Moreover, the posts highlighted the extent to which these scammers are going in order that the victims download their fake apps. In an incident one of the victim was targeted via a social media dating site and the threat actor "befriended the victim, and shifted communications to a messaging app. They avoid requests for face-to-face meetings, citing the Covid-19 pandemic. After gaining trust, they then convinced the victim to download a cryptocurrency trading app, sending the victim a link."
After the victim was lured to download the app on his or her device, he or she was convinced or encouraged to take position in the cryptocurrency. Then after the cryptocurrency transaction was executed, the scammers blocked the account of the victim and left altogether.
Do not trust anyone online no matter how genuine they appear or pretend to be.
Also refrain from downloading apps from just anywhere and instead take to Google Play store or Apple's app store.
Do not pay heed to malicious links that ask you to download a given link.