A large-scale fraud campaign [1] [2], known as pig butchering [1] [2], has been uncovered by Group-IB [1] [2], targeting victims globally with promises of financial gain through investments in cryptocurrency or other financial instruments [1] [2].

Description

Fake trading apps on the Apple App Store and Google Play Store [1] [2], as well as phishing sites [1] [2], are used in this campaign. The fraudulent apps, built using the UniApp Framework and classified as UniShadowTrade [1] [2], have been active since at least mid-2023 [1] [2]. One of the apps [1] [2], SBI-INT [1] [2], managed to bypass Apple’s review process [1] [2], giving it an air of legitimacy [1] [2]. Victims are deceived into providing personal information [1] [2], job details [1] [2], and agreeing to terms and conditions before making investments [1] [2]. Once funds are deposited [2], victims are asked to pay additional fees to recover their investments [2], which are then stolen and diverted to the attackers’ accounts [1] [2]. To conceal their activities and make detection more difficult [1] [2], cybercriminals use web-based applications [1] [2].

Conclusion

This fraudulent campaign has serious implications for victims who have lost their investments and personal information. It is important for individuals to be cautious when investing in cryptocurrency or financial instruments and to verify the legitimacy of trading apps before using them. Law enforcement agencies and cybersecurity experts must work together to track down and prosecute those responsible for these fraudulent activities to prevent further harm to unsuspecting victims.

References

[1] https://patabook.com/technology/2024/10/02/fake-trading-apps-target-victims-globally-via-apple-app-store-and-google-play/
[2] https://thehackernews.com/2024/10/fake-trading-apps-target-victims.html