• Home
  • Apps
  • Apps News
  • Fake Apps Masked as Cryptocurrency, Trading, Banking Apps Duping iOS, Android Customers: Sophos

Fake Apps Masked as Cryptocurrency, Trading, Banking Apps Duping iOS, Android Customers: Sophos

Counterfeit apps are impersonating major financial firms and popular cryptocurrency trading platforms, including Barclays, Gemini, Bitwala, Kraken, Binance, BitcoinHK, Bittrex, BitFlyer, and TDBank.

Fake Apps Masked as Cryptocurrency, Trading, Banking Apps Duping iOS, Android Customers: Sophos

Photo Credit: Sophos

Links to both iOS and Android platforms for these fake apps are made available

Highlights
  • To bypass App Store, scammers exploit Apple’s a Super Signature process
  • Sophos found this issue while investigating fake app of Goldenway Group
  • Schemes to download these fake apps are leveraged through dating sites

Several counterfeit versions of popular cryptocurrency trading, stock trading and banking apps have been discovered by Sophos on iOS and Android platforms, designed to steal sensitive information. All those who download these fake apps can be potential victims of data theft. Counterfeit apps are impersonating major financial firms and popular cryptocurrency trading platforms, including Barclays, Gemini, Bitwala, Kraken, Binance, BitcoinHK, Bittrex, BitFlyer, and TDBank. Sophos found these fake apps while looking into a fraudulent mobile trading app that masqueraded as one tied to a well-known Asia-based trading company, Goldenway Group.

Sophos says that schemes to distribute these fake apps are leveraged though dating sites and social media. These apps are made cleverly to look like those belonging to the actual legitimate ones. “These websites forwarded victims to third-party sites that delivered iOS mobile applications via configuration management schemes, iOS mobile device management payloads carrying “Web Clips”, or Android apps depending on the device used, the report by Sophos notes.

The report details one victim's misery wherein he touched base with the scammers through social media and a dating site. The scammers befriended the victim and shifted communications to a messaging app. They avoid requests for face-to-face meetings, citing the COVID-19 pandemic. After gaining trust, they then convinced the victim to download a cryptocurrency trading app, sending the victim a link. They even walked the victim through the installation process and encouraged him to buy cryptocurrency and transfer it into their wallet. After the transfer was made, the scammers blocked the victim's account and ended communication.

The fake app that the victim was tricked to download was an impersonation of the Hong Kong-based trading and investment company called Goldenway Group. The company is aware of this scam and even has posted a warning on the company's actual website with an alert about fraudsters scamming users with a similar named site and asks its users to steer clear of such apps.

To bypass the App Store, scammers use third-party services to deploy what's known as a Super Signature process. This allows app developers to use Apple's ad-hoc application distribution method to deliver applications to iOS devices—a process intended to allow developers to distribute apps directly to a limited number of devices for testing. However, it is being abused by malicious pp developers. Scammers even used the Web Clips technique to dupe iPhone customers.

To avoid falling prey to such malicious apps, practice the following guidelines.

  1. Users should only install apps from trusted sources such as Google Play and Apple's App Store.
  2. Developers of popular apps often have a website, which directs the users to the genuine app.
  3. Users should verify if the app was developed by its genuine developer.
  4. Install an antivirus app on your mobile device.
Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Tasneem Akolawala is a Senior Reporter for Gadgets 360. Her reporting expertise encompasses smartphones, wearables, apps, social media, and the overall tech industry. She reports out of Mumbai, and also writes about the ups and downs in the Indian telecom sector. Tasneem can be reached on Twitter at @MuteRiot, and leads, tips, and releases can be sent to tasneema@ndtv.com. More
Jio Phone Users to Get 300 Minutes of Free Calling, Buy 1 Get 1 on Recharge Amid Coronavirus Pandemic

Related Stories

Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com