Sophos, a cybersecurity company, has found out that people who run high-yield investment schemes called “pig butchering” have found a way to get around security measures in Google Play and Apple’s App Store.
Sophos also found out that the killing of the pigs was part of a bigger plan by a Chinese threat group called “ShaZhuPan.”
Before, the group’s scams involved malicious advertising, social engineering, and fake websites. Now, the group is looking into Google Play and the Apple play store because the victim is more likely to trust the scammer when they use these platforms.
Scammers also try to get into their victims’ social media accounts, especially Facebook and Tinder profiles. They usually try to get their victims to download fake apps that pay high dividends.
Psychological Approach
Scammers target male users on social media sites like Facebook and Tinder by making fake profiles of flashy women. Most of the time, the scammer’s profile shows every aspect of a high-class life.
Once the victim trusts them, the scammers say they are related to well-known financial research companies and show the victim a fake app for that company on the play store or the apple play store.
Sophos says that MBM BitScan, Ace Pro, and BitScan from the Apple App Store and BitScan from the Google Play Store are terrible apps used in the fraud.
How scammers bypass App store sign-up
The ShaZhuPan gang usually sends an app that Apple has signed with a valid certificate. Once the app is approved to be on the excellent server and App store repository, the scammers connect it to the wrong server.
When the app is opened on the victim’s phone, the malicious server tells the app to show a trading screen for cryptocurrencies. Everything on the app is fake except for the user’s deposit.
Because the scammers only target a small number of people, the bad reviews and reports about the malicious app need to get the attention of the application store’s security systems.
Sophos, on the other hand, said that more pig-butchering scams might pop up because scammers can make much money quickly and because people who use apps from Google Play stores tend to think that the apps are more legitimate.
Sophos also said that before downloading any app, you should always look at reviews, information about the developer, company profiles, and privacy policies.
You must log in to post a comment.