Hundreds of fake applications entice you to trade in cryptocurrencies

Growing interest in investing and cryptocurrencies also brings a growing number of counterfeit applications aimed at taking money from unsuspecting victims. The security company Sophos recently drew attention to this unpleasant fact.

What began as an analysis of one suspicious application ended with the identification of nearly two hundred fake applications for stock trading, internet banking and cryptocurrencies.

The security experts are said to have detected up to 167 fake Android and iOS applications. The scheme combines the abuse of well-known brands, social engineering and fake websites for downloading installation files.

Reaching through dating and social networks

The most interesting aspect of the whole case is that the attackers sought out victims through online dating and social networks. They made initial contact, built trust, and gradually tried to persuade the victims to go to a fraudulent website and download a fake application. At first glance, everything seemed legitimate enough, including the applications themselves.

The fraudsters abused the names of well-known companies such as Barclays, Gemini, Bitwala, Kraken, Binance, BitcoinHK, Bittrex, BitFlyer or TDBank. They had their own website, application and even technical support for each of them.

The principle of the whole attack was that the victim had to install a fake application, which the fraudsters willingly helped with. The victim was subsequently persuaded to buy a cryptocurrency or to carry out a transaction. It ended with the communication dying down or being blocked completely.

Demonstration of fake applications. Photo: Sonos.com

Fake applications

In the application, it looked as if the transaction had gone exactly as expected, but in reality the funds were redirected to the fraudsters' account. To make the whole thing even more credible, in some cases the victim had to enter an invitation code when creating the user account. Not to mention that the interface of the application looked exactly the same as in the official version.

It is clear that the people behind the scam thought everything out in detail, from fake sites and application distribution to advanced social engineering and smart communication. Requests for a face-to-face meeting, for example, were turned down on the grounds that a meeting was not possible during the pandemic. They moved communication to a separate application, but mainly they exploited inattention and the vision of quick profit.

Too much trust does not pay

Although some details are missing, the lesson is perhaps clear. Let's sum it up quickly. First of all, applications need to be downloaded from official stores, which is the basic rule we have been repeating for years. Secondly, if someone contacts you via a social network or a dating site and shows you how you can invest or earn money quickly, then it is probably not a good idea.

Third, always check everything properly and don't trust anyone in the online world. You should handle cryptocurrencies like money. After all, you do not log in to internet banking via random websites or applications, and you do not send money to someone you do not know.
