Cybersecurity researchers have reported finding multiple mobile applications used in so-called ‘pig butchering’ schemes, lurking on the official Google and Apple repositories.
‘Pig butchering’ is a type of financial fraud in which the victims – called ‘pigs’ – are first “stuffed”, before being “slaughtered”. In other words, the victims get led on for weeks and months, and their wallets drained and drained, before the fraudsters finally pull the trigger and disappear with the money, completely.
The apps found by Group-IB are called SBI-INT (iOS), Finans Insights (Android), Finans Trader6 (Android), and have thousands of downloads among them, suggesting that many people fell for the trick.
Bots across the world
Pig butchering mostly targets cryptocurrency users. The fraudsters would usually assume the identities of beautiful young women, and would approach the victims in casual conversation, or even flirt with them. At some point, they would introduce them to a unique, hidden, or otherwise scarce, cryptocurrency trading platform that guarantees major gains for their users. In some instances, the victims were led to believe they would earn millions through the platform, and then ride off into the sunset with their newfound significant other.
The platform is obviously fake, and built by the fraudsters as a way to steal the victim’s money. But the trick is to keep the ruse going for as long as possible. The victim is first invited to invest a little money, and then shown – through the app – their enormous gains. Obviously, these are all just numbers on a screen and the actual money is already with the fraudsters.
The victim is then enticed to invest more and more, and by the time they decide to withdraw the money – it’s already too late. To make matters worse, the “stuffing” continues even after the victim realizes they can’t withdraw. Sometimes, they will reach out to customer support (also scammers), who would tell them they need to pay a withdrawal fee.
Both Google and Apple removed the apps from their repositories as soon as they were notified.
The best way to protect against such scams is to use common sense – if something sounds too good to be true, it most likely is.
Via BleepingComputer