A Group-IB researcher has published research outlining the company’s work in uncovering a large-scale fraud campaign involving fake trading apps, built with the UniApp framework, that target Apple iOS and Android users across multiple regions.
Andrey Polovinkin, Group-IB’s Reverse Research Team Lead, is behind the work, and reveals that the fake trading apps are being distributed through official app stores and phishing sites.
Pig Butchering, a term used to describe a sophisticated and manipulative scam in which cybercriminals lure victims into fraudulent investment schemes, typically involving cryptocurrency or other financial instruments, is not new. However, the strategies and tactics used by cybercriminals continue to evolve.
Key findings from the investigations include:
- Cybercriminals use fake trading applications to lure victims with the promise of financial gain;
- Cybercriminals lure individuals into funding bogus trading accounts and ultimately steal their money;
- Cybercriminals initiate conversations with potential victims through dating applications, using social engineering tactics to gain their trust;
- Fraudulent applications have been discovered in the Apple App Store and Google Play Store;
- The fraudulent applications are built using the UniApp Framework;
- Various applications were discovered and have been classified under a single malware family dubbed by Group-IB as UniShadowTrade;
- The application provides multi-language support for English, Portuguese, Chinese and Hindi; and
- Group-IB’s Threat Intelligence and Fraud Protection analysts have detected victims in the Asia-Pacific, European, Middle East and Africa regions, indicating the global reach of this scam.
Victims are lured in with the promise of easy financial gains, only to find that they cannot withdraw funds after making significant investments. The use of web-based applications further conceals the malicious activity and makes detection more difficult. Group-IB makes some recommendations for financial organisations:
- Implement a user session monitoring system to detect the presence of malware and block suspicious sessions before any personal information is entered;
- Educate your customers about the dangers of mobile malware, including how to recognise fake websites, avoid malicious apps, and protect their passwords and personal data;
- Utilise a Digital Risk Protection platform to identify and mitigate the unauthorised use of your logos, trademarks, content, and design elements across the digital landscape; and
- Ensuring a secure organisation demands continuous vigilance. Employ a proprietary solution that can bolster security by providing teams with the latest insights into emerging threats.