Scammers involved in the so-called “pig slaughter” scam sneaked apps into Apple’s App Store and Google Play Store by temporarily presenting harmless functionality.
The App Store includes an option for users to report apps for fraud, and in 2022, Apple says it has blocked 1.6 million “problem apps” from users. But according to a new report from security firm Sophos, the App Store review team said he got at least two apps involved in the scam.
One was called Ace Pro for scanning QR codes and the other was presented as a cryptocurrency real-time data tracker called MBM_BitScan. “One of her victims lost about $4,000 on this bogus application,” Sophos said.
Apps typically access and present website data to users. In these two cases, it is believed that you temporarily visited a legitimate-looking and functioning site. When the apps were reviewed, each seemed to do exactly what it claimed to do.
However, once the app is approved and posted on the App Store, the linked website appears to have changed.
“In the case of the Ace Pro app, malicious developers injected code related to QR checks and other iOS app library code into the app to make it appear legitimate to reviewers,” Sophos said. “However, when the app is launched, it sends requests to domains registered in Asia (the rest of the domains).[.]pizza[.]net), which responds with content from another host (acedalex).[.]xyz/wap)”
“It is this response that provides a fake CryptoRom trading interface,” continues Sophos. “Criminals may have used a legitimate-looking site in their response at the time of app review and later switched to her URL on her CryptoRom.”
Both apps then presented users with a cryptocurrency trading service with a “functioning but fake trading interface with the ability to deposit and withdraw cryptocurrencies.” Money deposited through the app goes to the fraud team “not your actual trading account”.
“Slaughter of pigs” scam
Also known as CryptoRom, “Slaughter of Pigs” is a long-running scam that traps victims through social engineering and online dating applications. The victim is approached through online dating and encouraged to move the conversation to her WhatsApp.
Ultimately, Date uses “highly developed profiles and backstories” to “lure victims into trusting the guidance provided by criminals”. and say that you have already invested yourself.
In this case, the mere presence of the apps in the App Store and Google Play Store helps make them appear legitimate. Apple took notice from her Sophos to remove both apps, and Google Play removed his one app found in its store.
This isn’t the first time apps have been used to scam users, but in the past most have been called “fleeceware.” These are apps that have a free trial, but are automatically charged for a recurring subscription until actively suspended.
Read on AppleInsider