Warning: Cybercriminals Target iOS and Android Users with Fake Trading Apps

In recent years, investing in the stock market has become much more common, with many everyday users taking on independent trading in an effort to make more money. Recently, cybercriminals have been ramping up their efforts to defraud users through a major campaign involving fake trading applications, according to threat intelligence analysts at Group-IB. These counterfeit trading platforms are cleverly designed to bypass malware detection systems, enabling attackers to siphon off substantial sums of money from unsuspecting users.

The fraudulent apps, built using the UniApp Framework, which allows developers to reuse code across multiple platforms, have been discovered on both the official Google Play Store and the Apple App Store.

Disguised as legitimate trading platforms, these fake apps have one primary objective: to entice victims into depositing funds into bogus trading accounts. The scam involves cybercriminals nurturing a relationship with their victims over weeks or even months. By gaining their trust, they encourage significant investments, which only seem to yield returns on the counterfeit platform. These apparent returns prompt users to invest even more funds through the app, eventually leaving them with incredible losses when the fraud is revealed.

Group-IB’s report outlines two primary distribution methods for these scams: through official app stores and phishing websites. The fraudulent apps often require users to input an invitation code to register, employing social engineering tactics that further entrap victims. During the registration process, users may be prompted to upload identification documents, provide personal information, and agree to extensive terms and conditions.

The app’s backend processes are handled on a web server, with core functionalities accessed via a URL. The apps are designed to gather information about the device and its settings, creating an illusion of legitimacy. Once a victim makes a deposit, the fraudsters guide them on which trades to make. After a few seemingly successful trades, victims are persuaded to invest even more money, only to find themselves unable to withdraw their funds later.

These malicious applications mimic numerous reputable cryptocurrency and trading platforms, with specific Android packages identified as com.finans.trader and com.finans.insights. The domains used in these scams often impersonate financial institutions.

“The use of web-based applications further conceals the malicious activity and makes detection more difficult,” the report warns. To protect themselves, users are advised to exercise caution when clicking on links from unsolicited messages and to thoroughly research any investment platforms they consider.

Group-IB recommends that users remain vigilant, even when downloading applications from official stores. It’s crucial to check the publisher’s credentials, application ratings, and user reviews to ensure legitimacy. Always prioritize installing apps from trusted official websites to safeguard your personal information.