A large-scale global fraud campaign has been targeting unsuspecting victims through fake trading apps on the Apple App Store and Google Play Store, exploiting the trust users place in these platforms. Discovered by cybersecurity firm Group-IB, the fraud scheme, known as “pig butchering,” is part of a wider investment scam where users are tricked into making false investments in cryptocurrency or other financial products. The scammers build trust with their victims by posing as romantic partners or financial advisors, eventually leading them to install malicious apps that appear to be legitimate tools but are designed to steal funds.
One of the fraudulent apps, named SBI-INT, was able to bypass Apple’s notoriously strict app review process, presenting itself as a tool for algebraic formulas and 3D graphics. Once downloaded, the app behaved like a legitimate tool until a certain date, after which it morphed into a fake trading platform. The app was eventually removed from the App Store, but by then, it had already misled users. Following its removal, the scammers shifted their distribution method to phishing websites, using links to trick both iOS and Android users into downloading malicious apps outside official app stores. For iOS users, this involved sideloading the app by manually approving the developer profile, a method that bypasses App Store restrictions.
Once victims installed the fake trading apps, they were led through a six-step registration process. This included entering personal information, providing identity documents, and agreeing to the platform’s terms of service. The app would then simulate investments, showing the victim’s money growing as if they were gaining profits. Victims were encouraged to invest more money with promises of guaranteed high returns. However, when they attempted to withdraw their supposed earnings, they were met with demands for additional fees. These fees were portrayed as necessary for processing the withdrawal, but in reality, the funds were stolen by the cybercriminals and funneled into accounts under their control.
The campaign has had a far-reaching impact, affecting victims across the Asia-Pacific region, Europe, the Middle East, and Africa. Countries like Japan, South Korea, and Cambodia were among the primary targets, particularly of two identified Android apps named FINANS INSIGHTS and FINANS TRADER6. Group-IB’s investigation revealed that these apps were downloaded fewer than 5,000 times before they were taken down from the Google Play Store, though they still managed to cause significant financial damage. Users are advised to exercise extreme caution when downloading apps, especially those related to financial investments. They should thoroughly review app publishers, ratings, and comments, and avoid responding to unsolicited messages on social media and dating apps, as these are often the first points of contact for the scammers.