Fake Cryptocurrency Apps on iOS and Android Defrauding Asian Users

By Bill Toulas / May 13, 2021

The rise in cryptocurrency value is fueling a rise in trading volumes, and as many newcomers seek to join the party, scammers are throwing their hooks to bait them and steal their money. A Sophos report describes a very problematic situation in that space, with several fake trading and crypto-holding apps circulating on the web, covering both the iOS and the Android mobile systems.

The dissemination of these apps happens through fake sites that are made to mimic the look of their legit counterparts, and people are led there via forum posts, dating sites, and various social engineering tricks. In general, it appears that the targeting concerns mostly Asian users, but everyone is at risk no matter where they are based.

Sophos researchers started digging into the matter after the security company received a tip from a victim of a scam app, and soon, they found numerous applications. Among the counterfeit apps are Barclays, Gemini, Bitwala, Kraken, Binance, BitcoinHK, Bittrex, BitFlyer, and TDBank. Possibly, there are more, but these are the most popular anyway, so most victims are falling for scams themed after them.

Source: Sophos

These apps contain a hardcoded wallet that is under the control of the scammers, so whatever purchase the victims make thinking they are investing in crypto goes directly into the pocket of the crooks. When the victim realizes that, the actors make various excuses and try to convince the victim to try again and make more transactions. If that fails, the victim’s account is blocked.


Interestingly, these apps are also made available for iOS, which requires quite a lot of security bypassing. To achieve this, the authors of the fake cryptocurrency trading apps contract third-party services like Dandelion (pgyer[.]com), which offers valid signatures, enabling app authors to offer software that can be installed on the iPhone or iPad without having to submit it to the App Store.

These platforms don’t take any responsibility for what the buyers of their services do with the signatures and don’t check if the apps are malware, or defrauding tools, or whatever else.


In several cases, the researchers noticed messages that requested direct money deposits to Hong Kong-based banks, sent via the built-in chat and pretending to be from the support team. These are presented as fees for issuing a card that can be used to withdraw crypto from regular ATMs, make payments on POS terminals, etc.

To protect yourself against these scams, make sure to do the following:
