Criminals have published hundreds of fake banking, finance and cryptocurrency apps designed to steal users’ money.
According to Sophos a number of bogus mobile trading apps have been masquerading as a well-known Asia-based trading company.
“As we investigated, we uncovered several other counterfeit versions of popular cryptocurrency trading, stock trading and banking apps on iOS and Android, all designed to steal from those fooled into using them,” Sophos said.
In some cases, the criminals used dating sites to lure in victims to get them to download the illegitimate app to steal their money.
In others, they would create websites designed to look like they belonged to legitimate companies.
“During investigation of one of the apps, we encountered a server which was hosting hundreds of fake trading, banking, foreign exchange, and cryptocurrency apps,” Sophos said.
“Among them were counterfeit apps impersonating major financial firms and popular cryptocurrency trading platforms.”
Targeted through dating apps
Sophos said one of the victims reported contact had been made through an online dating app. The scammers befriended the victim and shifted the communications to a messaging app.
“They avoid requests for face-to-face meetings, citing the COVID-19 pandemic. After gaining trust, they then convinced the victim to download a cryptocurrency trading app, sending the victim a link,” Sophos said.
“The link was to a page impersonating a Hong Kong based trading and investment company called Goldenway Group. The page had options to download both iOS and Android apps.”
The scammers then walked the victim through the installation process and encouraged them to buy cryptocurrency. After a period of time the scammers blocked the victim, keeping their money.
Goldenway is aware of the scam, having put out a warning notice on its website.
Scamwatch shows that this year alone over $17.4 million has been lost to romance and dating scams in Australia.