Beware of Fake Trading Apps Scam: Cybercriminals Targeting Victims Globally

A sophisticated fraud campaign utilizing fake trading apps has been uncovered by cybersecurity firm Group-IB, targeting unsuspecting victims on both the Apple App Store and Google Play Store. The operation, known as pig butchering, tricks individuals into investing in cryptocurrency or other financial instruments under false pretenses such as a romantic relationship or investment advice.

The global reach of this scheme spans across Asia-Pacific, Europe, the Middle East, and Africa, with victims falling prey to malicious apps built using the UniApp Framework, collectively known as UniShadowTrade. Despite being active since at least mid-2023, one of the apps managed to surpass Apple’s App Store review process, further legitimizing the scam.

Once installed, the apps prompt users to provide personal information and agree to terms and conditions before making investments. The cybercriminals then manipulate victims into depositing additional funds, promising high returns and displaying false gains to maintain the deception. However, when users attempt to withdraw their funds, they are coerced into paying more fees, ultimately leading to the loss of their investments.

The use of phishing websites and web-based applications has helped the perpetrators evade detection, with one such app distributing a URL hosted on a legitimate service to mask its malicious intent. Despite the fake trading apps being removed from the app stores, the threat actors continue to operate, emphasizing the importance of cybersecurity vigilance to thwart such scams.