Scammers were recently able to put two fraudulent crypto scam apps onto the Apple and Google app stores, bypassing the defences of both platforms. This type of fraud, also known as a pig butchering scam, has been happening for a number of years. It involves the use of fake websites, malicious and false advertising and social engineering. With fraudulent apps, including these crypto scam apps, scammers can gain a victim’s trust more easily and receive a bigger payout in return.
CryptoRom is a malware campaign which combines crypto scams with a method of catfishing. In recent years, CryptoRom scammers have hugely improved their techniques and are now able to leverage new features on mobile devices, which is partly why they managed to place scam apps onto the Apple and Google stores in this instance.
But, with so many processes in place, how exactly were these crypto scam apps able to find their way onto these highly protected stores? Let’s take a look at the CryptoRom scam and the intricacies of these crypto scam apps.
What Were The Crypto Scam Apps?
The CryptoRom scam apps that were placed onto the Google and Apple app stores were called Ace Pro and MBM_BitScan. Although these crypto scam apps are fraudulent, the real question is how they managed to appear in the first place on the app stores, which are usually protected and governed by very strict security protocols. The crypto scam apps are immune to Apple’s Lockdown mode, which was designed to protect users from sophisticated engineering that is typically used in pig butchering scams.
It is notoriously difficult to get malware past the security review processes used by both Apple and Google, which is why the appearance of these crypto scam apps on the app stores is a concern. Now that scammers know it can be done, there is the potential that other scammers will try to infiltrate the app stores, as has happened in the past.
These crypto scam apps tend to use cryptocurrency as one of their main elements because, unlike fiat currency, cryptocurrency payments can be irreversible and hard to trace, meaning that in most cases, victims won’t be able to get their money back on their own. This is where our team can help. We use specialist tracing services to identify the final wallet destination of your cryptocurrency and then do the work to recover the lost funds.
How Did The Crypto Scam Apps Work?
With the Ace Pro crypto scam app, scammers created and maintained a Facebook account of a woman who was supposedly living in London. The malicious crypto scam app, which was disguised as a QR code scanner, directed users to a remote site when it was originally uploaded to the App Store. Both Ace Pro and MBM_BitScan were connected to the same command and control (C2) infrastructure, which was designed to deliberately impersonate a legitimate cryptocurrency firm in Japan.
Victims of both scams were approached through applications, including Facebook and Tinder, and they were then asked to move the conversation over to WhatsApp after initial contact – a common sign of a CryptoRom scam. They were then lured into downloading the crypto scam apps. The highly intricate profiles and backstories the scammers create only add to the legitimacy of the scams, especially when paired with the fact that these crypto scam apps were added to the official app stores.
What Are Pig Butchering Scams?
The term pig butchering comes from the strategy scammers use that involves “fattening up” victims before the “slaughter”, or in other words, conning them out of their money. It is by no means a new form of scam. It is a type of long-term fraud which combines things such as crypto scam apps, investment schemes, romance scams and cryptocurrency fraud into one scheme. The name pig butchering scam has been given as scammers will cruelly refer to their victims as pigs, before “butchering” them for their money.
Pig butchering scams involve a standard scam approach, starting with an initial text, a social media message or a forum chat on sites such as job boards. Once the scammer has initiated contact, they will begin to slowly build a relationship and, in some cases, may even look to spark a romantic relationship, which is why this type of scam is closely associated with CryptoRom and romance scams. This will usually be done through text messages or other online messaging platforms.
At some point, the scammer will introduce an investment opportunity and will use a fake crypto platform to show some sort of evidence of their returns. Victims may then “invest” and see false strong returns being generated. In reality, however, their money is going to the scammer. When the victim runs out of money to invest or tries to withdraw funds, the scammers will block the victim. This type of scam unfolds over months, with the scammer slowly gaining the trust of the victim and learning how they can exploit vulnerabilities, like those of Ponzi scams.
Why Is This Scam Different?
Even though little this time is different from other CryptoRom scams, the biggest difference in this instance is the fact that the apps were wrongly added to the Google Play and Apple App stores. This means that there was a higher chance of more people falling victim to the scam by downloading the crypto scam app, not just those who were already in contact with the scammers. Apple and Google are strict when it comes to removing and disallowing malicious apps, so it is surprising that in this instance, these two managed to get through.
In the past, hackers developed ways to get around conventional security testing and it is known that CryptoRom has previously used the actual Apple Developer Program and Enterprise Signatures. Now, these hackers are taking full advantage of two new iOS features. One of these is TestFlight, a feature that app developers use to distribute beta versions of their apps to testers. It can be easy for app authors to abuse, as in this instance.
How To Avoid This Type Of Crypto Scam App
CryptoRom and other pig butchering scams yield high results for scammers in a relatively short space of time, meaning that more and more scammers become incentivised to carry out this type of scam and put more effort into gaining the trust of their victims, in order to receive more in return. What makes this type of scam different from other forms of online and cryptocurrency scams is the lengthy engagement involved, from the initial withdrawal to the fake crypto scam apps, which makes it hard for the victim to see through the scam.
People’s trust in apps and software tools has grown substantially over recent years. When apps can be sourced from the official Apple and Google stores, both trustworthy names in the tech and global industry, it adds additional legitimacy, which is what makes the case of these crypto scam apps so potentially damaging.