Crypto scams found in the App Store.
Feb 1, 2023

Sophos researchers today detailed fraudulent CryptoRom apps found in the App Store for pig butchering scams.

Sophos researchers today released a report detailing their observations of fraudulent CryptoRom apps making their way into the App Store for pig butchering scams. Pig butchering, which we’ve mentioned previously, combines social engineering tactics with false financial apps and sites to lure victims and steal their money.

Ensnaring victims through social engineering.

The reported victims were found on Facebook Dating and Tinder. One victim was lured by a potential romantic connection on Facebook Dating who appeared to be a London-based woman living a high-end lifestyle, complete with BBC News updates to solidify the victim’s belief in the account’s legitimacy. This ultimately led to the scammer inviting the victim to invest and trade crypto under the guise that “her” uncle worked in finance. When the account was initially created and used, small amounts of crypto could be withdrawn; larger transactions, however, triggered the account to be “locked,” with customer service requiring a 20% fee to access the currency. The other victim’s path was similar, differing primarily in that it began on Tinder rather than Facebook.

Evading App Store review.

Two CryptoRom apps were found on the Apple App Store, one called Ace Pro and the other MBM_BitScan. Ace Pro does not appear to have any connection to cryptocurrency; rather, it is described as a QR code scanning app. The other, MBM_BitScan, presents itself as a real-time cryptocurrency stock tracker, though it has a fake trading interface as well. Researchers suspect that the remote nature of the malicious functionalities allowed the true nature of the app to stay concealed until after the stringent App Store review. Google Play also has a version of the app, though the vendor name is different.

Why this pig butchering scam works.

The actors behind the scams are tracked by researchers as the “ShaZhuPan” group, which initially targeted Chinese and Taiwanese victims. Many victims were well-educated, some holding doctoral degrees. They explained their reasons for buying into the scam, citing an unusually long length of engagement with the scammer, proof of a successful initial withdrawal, mirrored transactions, and in some cases, fake loans. Researchers also cite emotional vulnerability in the victims, increased development in FinTech, and trust in providers’ security detection as potential contributors to scammer success.