A recent cybersecurity report has been published that exposes hundred of fake banking, financial and cryptocurrency applications. One of the fake mobile trading apps that the fraudsters use masquerades as a famous trading company based in Asia.
The apps aim to exploit the current rise of cryptocurrency value and low-cost or free stock trading driven by stories of the recent social-media speculations on the GameStop stock. The threat actors also schemed to distribute these fake applications with social engineering tactics through dating websites to lure victims and legitimate-looking websites of a known financial company.
Further investigation revealed other fake versions of well-known cryptocurrency trading, banking and stock trading apps designed for iOS and Android, all of which are designed to steal money from the victims they will fool. A server was found to host hundreds of counterfeit banking, foreign exchange, cryptocurrency and trading applications. The bogus apps were designed to impersonate well-known financial firms and well-known cryptocurrency trading platforms. This includes fake versions of Gemini, Barclays, Binance, Kraken, BitFlyer, TDBank, Bitwala and BitcoinHK. A dedicated website was allotted to tailor the theme and looks of each of the website they are impersonating.
According to a user who fell victim to the scam, the initial contact with the threat actors that lured him into installing the app came from a social media and dating site. The scammer befriended the victim and lured them to shift their communication to another messaging app. Face to face meetings was avoided while citing the covid19 pandemic as the reason. After establishing trust, the victim was convinced to download and install a cryptocurrency trading application with the link they provided.
The link contains a page impersonating HK based trade and investment company, the Goldenway Group. It also has the options for the user to download the app on iOS and Android versions. The victims were walked through the installation process and encouraged the victim in purchasing cryptocurrency and then transferring into a wallet. When the victim started asking to withdraw the crypto value, the threat actors behind the fake account began to make excuses. They then will finally block the victim’s history with all the purchased cryptocurrency amount in the threat actor’s wallet.
The Goldenway Group is aware of these kinds of scams. There is a warning about fraudsters scamming users using their company image on the company’s actual website and alerts users to steer clear from such websites and apps.
Fraudsters have targeted people in Asia
On one of the server’s references by these fake apps, the security researchers could extract and collect a significant amount of the uploaded data. These included passport images, national identity cards, insurance cards, driver’s licenses and bank and cryptocurrency transfer records. The majority of the passports and IDs belonged to Asian nationals from Malaysia, Japan, South Korea and China.
It is believed that the ID cards might have been used by the fraudsters to process legitimate financial transactions and the receipts as confirmation about the deposits from the victim’s accounts. There are also several photos of attractive people likely used as profile pictures when creating bogus dating profiles. This suggests that dating websites are also used as bait to lure the victims.
Unaware and innocent people tend to trust things that are vouched by someone they think they know. Using these fake applications that impersonate well-known businesses around the world makes fraudulent activities more believable. If an offer is unbelievably accurate and promises high returns but asking to transfer money or crypto assets first – this is likely a scam.
Also, we continuously urge everyone to only install apps from trusted sources such as Google Play Store and Apple App Store because these apps were verified by the store’s security team. Legit websites only redirect the users to the genuine mobile app on the online stores.
