Date: 2021-05-17

Social platforms, e-mails and even fake profiles on dating sites are being used in a campaign to steal cryptocurrencies and bank data from international users. Also part of the scheme is a network of more than 150 counterfeit applications, which imitate digital wallets, banking services, or stock-market and fintech apps to deceive victims into handing over personal and financial data and access credentials, or to steal digital assets outright.

The warning was made by Sophos, which also points to the entire campaign as possibly the work of a single group. According to the digital security experts, all the fake software is hosted on the same server, which indicates common authorship, while the distribution method, equally similar across all of them, also indicates that the tactics are executed from a common source.

In some cases, criminals even talk directly to potential victims, whether posing as customer service or, astonishingly, flirting with users on dating sites. In all cases the objective is the same: to induce the use of fake solutions, which in some cases also include imitations of Google Play Store pages to lend the scams a legitimate appearance.

The scam also works on iOS, but in a slightly different way: criminals use digital signature services and pages that imitate the Apple App Store to download configuration files to victims’ devices. From there, it is possible to run web clips, “previews” of applications that run from the internet, or to push applications in the background through services intended for app developers, which the initial download enables.

In the cases evaluated by Sophos experts, the fake apps were just icons that led to online pages hosted on the criminals’ servers and imitated the appearance of legitimate services. There, the user was expected to perform different tasks, such as a cryptocurrency transaction or a login with their credentials. In all cases, the funds or information were captured by the scammers, who even changed access passwords and authentication methods so that detection by the victim would not lead to the account being blocked.

In the view of Sophos experts, the main targets of operations of this type are novice users who are still learning their way around the world of stocks and cryptocurrencies. Recent events, such as the huge increases in some digital assets or the explosion of GameStop’s shares, have drawn many people into this world, and the scams mainly target Chinese and English speakers.

Social engineering is the main trick here, so the recommendation of Sophos’s experts is for users to make sure they are downloading apps from legitimate sources. Ideally, this should be done only from the device’s official app store, through the store software installed on the phone itself, and not through links sent by third parties, even if they seem reliable.

Another important security measure is not to sign up for services or share personal data through messaging apps and social networks unless you are sure who you are talking to. Keeping operating systems and security solutions up to date also ensures protection from the most common threats. For more advanced users, Sophos has also released a public list of indicators of compromise.