The Pig Butchering scam, a scam operation that specializes in fake investments in allegedly promising cryptocurrency projects, stocks, bonds, futures and options, was found in the Apple and Google app stores.

Such attacks are called “pig slaughter”, and scammers use social engineering against their victims (“pigs”), finding contact with them on social networks and dating applications.

You might also be interested in our article: 12 Instagram Scams to Know and Avoid in 2023.

Pig Butchering is a relatively new phenomenon. For example, the FBI first warned users against such fraud last fall. Then law enforcement officers explained that this is a very profitable scheme used by scammers around the world.

We also wrote that Ukrainian Cyber Police and Europol Arrested Fraudsters Involved in Pig Butchering.

Law enforcers reported that scammers use social engineering and get in touch with people (“pigs”) on social networks and dating apps. Over time, perpetrators gain the trust of their victims by feigning friendship or romantic interest, and sometimes even posing as the target’s real friends.

When the “contact” is established, the criminals at some point offer the victim to invest in cryptocurrency, for which the target is directed to a fake site. Alas, it will be impossible to return your funds and receive fake “income” from such a resource.

These scams can go on for months, and the victim sometimes gives the scammers huge sums (thousands to millions of dollars) before realizing they have been scammed. For example, last fall, Forbes reported on a 52-year-old man from San Francisco who lost about a million dollars due to “slaughtering pigs”. In this case, the scammers pretended to be an old colleague of the victim.

According to experts from Sophos, “Pig Butchering” has already penetrated the official app stores. Now scammers are targeting victims on Facebook or Tinder using fake profiles of women with photos stolen from other accounts. At the same time, fake profiles showcase a deliberately luxurious lifestyle with photos from high-end restaurants, expensive shops and exotic places.

After gaining the victim’s trust, the scammers reveal that they have an uncle who works for a financial analysis firm that is currently launching an app on the Play Store or App Store that allows you to trade cryptocurrencies. That is, in the end, the victim is persuaded not to go to a fake site, but to download a special application and “invest” in non-existent assets masquerading as real ones.

The malicious apps that the analysts found were called Ace Pro and MBM_BitScan in the Apple App Store and BitScan in the Google Play Store. All of them have now been removed.

After launching the application, the victim sees a very convincing interface for trading cryptocurrency, however, everything except the user’s deposit here is a fake.

It is noted that at first, in order to decline the vigilance of the target, scammers allow victims to withdraw small amounts in cryptocurrency from their accounts, but then, when there is already a lot of money, they block accounts and take everything.

To bypass App Store security checks, ShaZhuPan operators submit an app to the store that is signed with a valid certificate. Until approval is received, such an application connects to a regular server and pretends to be absolutely harmless. After passing the verification, the developers change the domain, and the application is already connecting to the malicious server.

According to experts, the BitScan apps for Android and iOS were allegedly provided by different vendors, but communicated with the same control server, which was hosted on a domain masquerading as bitFlyer (a real cryptocurrency exchange company from Japan).

Sophos reports that the Chinese group ShaZhuPan is behind one of these campaigns, divided into separate teams, each of which is engaged in one thing: interaction with victims, finance, franchise or money laundering.

The researchers conclude that since such applications are downloaded by a small number of users, manually selected by scammers, there are no massive complaints about them, which makes them difficult to detect and remove from stores. Sophos also notes that with the advent of fintech in our lives, people’s trust in such software tools has increased, and when applications are taken from the official Apple and Google stores, the victims have a false sense of legitimacy.

The media also wrote that Two Cryptocurrency Scammers from Estonia Made $575 Million from a “Ponzi scheme”.

The post Cryptocurrency Scam “Pig Butchering” Penetrated the Apple App Store and Google Play Store appeared first on Gridinsoft Blog.

Let me remind you that we wrote that Ukrainian Law Enforcers Arrested Hackers Who Sold More Than 30 Million Accounts, and also that Ukrainian law enforcement officers arrested members of the hacker group Phoenix.

Fraudsters operated call centers and offices in Germany, Spain, Latvia, Finland, Albania, and Ukraine and forced their victims to make fake investments.

The publication Bleeping Computer says that the criminals have created an extensive network of fake sites disguised as resources for investors in cryptocurrencies, stocks, bonds, futures, and options. The scammers pretended that the investments were profitable for the investors, convincing the victims that they could make a quick profit and tricking them into investing even more.

In fact, neither the investment nor the “profit” could be withdrawn from the fraudulent platforms, and by the time the victims realized what was happening, they were already losing huge sums.

The FBI recently warned about this type of fraud, calling such attacks “pig butchering“. Law enforcers wrote that this is a very profitable scheme used by scammers around the world.

The FBI explained that scammers use social engineering and get in touch with people (“pigs”) on social networks. Over time, perpetrators gain the trust of victims by faking friendship or romantic interest, and sometimes even posing as real friends of the target. Then, at some point, the criminals offer the victim to invest in cryptocurrency, for which the target is directed to a fake site. As mentioned above, it is impossible to return funds and receive fake “income” from such a resource.

These scams can last for months, and the victims give the scammers huge sums (from thousands to millions of dollars) before realizing they have been scammed. For example, Forbes recently reported on a 52-year-old man from San Francisco who lost about a million dollars due to “slaughtering pigs.” In this case, the scammers pretended to be an old colleague of the victim.

According to a Ukrainian cyber police statement, the criminal group has hired more than 2,000 people in its call centers, luring victims to fraudulent websites. There were three call centers located in the territory of Ukraine, and five people detained by the police were allegedly the organizers of local operations. It is reported that during the searches conducted in Kyiv and Ivano-Frankivsk, more than 500 pieces of computer equipment and mobile phones were seized.

The detainees will be charged with fraud, which is punishable by up to eight years in prison.

But cyber scammers do not live by slaughtering pigs alone, for example, the media recently reported that the Cyber Police of Ukraine had neutralized a large phishing service, which operators’ attacked banks in eleven countries.

The post Ukrainian Cyber Police and Europol Arrested Fraudsters Involved in Fake Investments appeared first on Gridinsoft Blog.