In the case of this victim, the bogus app was for a Hong Kong based trading and investment company called Goldenway Group – with download links for either iOS or Android.
Scammers then guided the victim through the installation process, encouraging them to purchase cryptocurrency and transfer it into their wallet.
When the victim later asked for the virtual currency to be transferred back the scammer made excuses, before blocking the victim’s account.
But this one app was just the tip of the iceberg. Sophos went on to say: “As we investigated the fraudulent Goldenway app, we discovered that the scheme was much more wide-ranging. We found hundreds of fake trading apps being pushed through the same infrastructure, each disguised to look like the official trading apps of different financial organisations.”
Sophos went on to explain that some of the fake apps they investigated were design to have a UI that was just like their legitimate counterparts.