The Pig Butchering scam, a scam operation that specializes in fake investments in allegedly promising cryptocurrency projects, stocks, bonds, futures and options, was found in the Apple and Google app stores.
Such attacks are called “pig slaughter”, and scammers use social engineering against their victims (“pigs”), finding contact with them on social networks and dating applications.
You might also be interested in our article: 12 Instagram Scams to Know and Avoid in 2023.
Pig Butchering is a relatively new phenomenon. For example, the FBI first warned users against such fraud last fall. Then law enforcement officers explained that this is a very profitable scheme used by scammers around the world.
We also wrote that Ukrainian Cyber Police and Europol Arrested Fraudsters Involved in Pig Butchering.
Law enforcers reported that scammers use social engineering and get in touch with people (“pigs”) on social networks and dating apps. Over time, perpetrators gain the trust of their victims by feigning friendship or romantic interest, and sometimes even posing as the target’s real friends.
When the “contact” is established, the criminals at some point offer the victim to invest in cryptocurrency, for which the target is directed to a fake site. Alas, it will be impossible to return your funds and receive fake “income” from such a resource.
These scams can go on for months, and the victim sometimes gives the scammers huge sums (thousands to millions of dollars) before realizing they have been scammed. For example, last fall, Forbes reported on a 52-year-old man from San Francisco who lost about a million dollars due to “slaughtering pigs”. In this case, the scammers pretended to be an old colleague of the victim.
According to experts from Sophos, “Pig Butchering” has already penetrated the official app stores. Now scammers are targeting victims on Facebook or Tinder using fake profiles of women with photos stolen from other accounts. At the same time, fake profiles showcase a deliberately luxurious lifestyle with photos from high-end restaurants, expensive shops and exotic places.
After gaining the victim’s trust, the scammers reveal that they have an uncle who works for a financial analysis firm that is currently launching an app on the Play Store or App Store that allows you to trade cryptocurrencies. That is, in the end, the victim is persuaded not to go to a fake site, but to download a special application and “invest” in non-existent assets masquerading as real ones.
The malicious apps that the analysts found were called Ace Pro and MBM_BitScan in the Apple App Store and BitScan in the Google Play Store. All of them have now been removed.
After launching the application, the victim sees a very convincing interface for trading cryptocurrency, however, everything except the user’s deposit here is a fake.
It is noted that at first, in order to decline the vigilance of the target, scammers allow victims to withdraw small amounts in cryptocurrency from their accounts, but then, when there is already a lot of money, they block accounts and take everything.
To bypass App Store security checks, ShaZhuPan operators submit an app to the store that is signed with a valid certificate. Until approval is received, such an application connects to a regular server and pretends to be absolutely harmless. After passing the verification, the developers change the domain, and the application is already connecting to the malicious server.
According to experts, the BitScan apps for Android and iOS were allegedly provided by different vendors, but communicated with the same control server, which was hosted on a domain masquerading as bitFlyer (a real cryptocurrency exchange company from Japan).
Sophos reports that the Chinese group ShaZhuPan is behind one of these campaigns, divided into separate teams, each of which is engaged in one thing: interaction with victims, finance, franchise or money laundering.
The researchers conclude that since such applications are downloaded by a small number of users, manually selected by scammers, there are no massive complaints about them, which makes them difficult to detect and remove from stores. Sophos also notes that with the advent of fintech in our lives, people’s trust in such software tools has increased, and when applications are taken from the official Apple and Google stores, the victims have a false sense of legitimacy.
The media also wrote that Two Cryptocurrency Scammers from Estonia Made $575 Million from a “Ponzi scheme”.