With Halloween approaching, it’s the perfect time to share a frightening tale about two apps available on both Apple’s App Store and Google’s Play Store that came with a terrifying twist: draining users’ bank accounts. Here’s what you need to know from Group-IB’s report on a major pig-butchering scam involving trading apps.
Massive Fraud Exposed with Fake Trading Apps Discovered on Apple and Google App Stores
Group-IB’s threat researchers, well-known for assisting Europol in dismantling a criminal network that unlocked 500,000 stolen smartphones, have a long history of investigating criminal operations, many of which are truly alarming. One example is their newly released report, Pig Butchering Alert: Fraudulent Trading Apps Targeted iOS and Android Users, which reveals a large-scale fraud campaign. This scam used fake apps available from various sources, including the official Apple App Store and Google Play Store, to target users.
“Pig butchering” is a term I find offensive as a vegan, but it’s commonly used to describe a scam where fraudsters lure victims into an investment scheme, often involving cryptocurrency, designed to steal as much money as possible. The term refers to how scammers build the victim’s trust before making their move, similar to fattening a pig before slaughter. While these scams aren’t new, they are constantly evolving, as shown in Group-IB’s analysis.
Researchers found that many of these fake apps, primarily developed for Android, were built using a cross-platform development framework. At least one app appeared on the Google Play Store, and another, developed for iOS, was found on Apple’s App Store. These apps were cleverly crafted to look like legitimate trading platforms, avoiding the usual malicious signs that Apple and Google’s security systems would detect and block.
How Pig-Butchering Scams Operated
Group-IB revealed that these scams began with social engineering tactics to gain the victim’s trust. Fraudsters targeted individuals through dating apps, social media platforms, or even cold calls, investing weeks in building a relationship. Once trust was established, they would suggest downloading a fake trading app from the official App Store.
In the case of the iOS app, which was the focus of Group-IB’s report, the app stayed on the App Store for several weeks before being removed. After its removal, the scammers shifted to phishing websites to distribute both iOS and Android apps. The temporary presence of these apps in official stores, like Apple’s and Google’s, lent credibility to the scam, as victims generally trust these platforms to protect them from harmful apps. This trust extended not only to the apps but also to the fraudsters themselves, making the scam even more convincing.
iOS and Android
All the apps identified by Group-IB were classified under a single malware family, which they named UniShadowTrade.
Once a victim installs the app and enters the unique code provided by the scammer during the “fattening” phase—where the attackers build trust using the App Store apps—the victim must complete several steps:
- Upload identification documents.
- Provide personal information.
- Submit job details.
- Agree to the terms and conditions.
- Accept trading disclosures.
- Transfer funds to the trading account.
After the deposit is made, the cybercriminals take control and issue further instructions that, the researchers cautioned, ultimately lead to the theft of the victim’s funds.
The initial apps uploaded to the official stores disguised themselves as a mathematical formula tool and primarily functioned as downloaders. The second app, which was accessed through phishing sites, contained the live web-based trading platform. Group-IB noted, “We believe this was a deliberate strategy, as the first app was available on the official store, and the cybercriminals likely aimed to reduce the risk of detection.”
Although these fake apps have been removed from both Apple and Google stores, users are advised to stay cautious of anyone offering financial opportunities through social media. If something seems too good to be true, it usually is.
I have contacted both Apple and Google for a statement.