Oct 05, 2024 19:00:00

'Pig killing scam' app discovered on Google Play and App Store

' Pig killing ' is a type of '

international romance scam ' in which a person meets someone online and spends a long time getting to know them, eventually defrauding them of their money. Pig killing began to be seen in China around 2017, and has expanded on a large scale, mainly in Southeast Asia, but researchers from cybersecurity companies have warned that there are fraudulent apps on Google Play and the App Store that are designed to trick people into pig killing scams.

Pig Butchering Alert | Group-IB Blog
https://www.group-ib.com/blog/pig-butchering/

'Pig butchering' trading apps found on Google Play, App Store
https://www.bleepingcomputer.com/news/security/pig-butchering-trading-apps-found-on-google-play-app-store/

Pig killers mainly use social media and dating apps, but there are also apps designed to lure victims into pig killers. Researchers at cybersecurity firm Group-IB reported in May 2024 that they had discovered fraudulent apps that contained links to fake trading platforms.

The pig-killing scheme involves tricking victims into handing over their funds to fake trading platforms that display fake information and trick them into investing in them to earn high profits. The malicious app, which Group-IB classifies as 'UniShadowTrade,' helps facilitate the pig-killing scheme by redirecting victims to a fake trading platform that can only be accessed via an invitation code after installation.

Once users register for the fraudulent application, they are first asked to upload identification documents such as ID cards or passports. Next, they are asked to provide personal details, followed by work details. Once they agree to the terms and conditions and disclosures, they are prompted to deposit funds into their account. Once this is completed within the app, the cybercriminals take over and send further instructions, ultimately stealing the victim's funds.

According to Group-IB, the malicious apps were disguised as 'volume and area calculators for algebraic formulas and 3D graphics' on iOS and 'financial news feeds' on Android, and some Android apps were downloaded 5,000 times. Below is an example of a malicious app provided by Group-IB, which has been downloaded more than 1,000 times.

Normally, app stores have mechanisms in place to prevent the release of fraudulent apps. However, the malicious app had the ability to check the date and time it was running, and if it was run before the app store's release date, it would display a disguised screen that had nothing to do with fraud. With this simple method, cybercriminals were able to evade store review and upload fraudulent apps to the app store.

The graph below shows the number of pig-killing-related app installations from March to August 2024. The majority of victims are in the Asia-Pacific region, shown in blue, but the app is also installed in the European region, shown in gray. Group-IB states, 'The app installation detection shows that the pig-killing threat is not limited to any particular region.'

The malicious apps remained on Google Play and the App Store for a few weeks before being removed, but the researchers point out that the pig killings themselves have not decreased at all, just that scammers have switched from using apps to phishing sites to direct users to the fraudulent sites.

Andrey Polovinkin, research team leader at Group-IB, recommends that financial institutions 'install fraud prevention systems that monitor suspicious user sessions,' 'educate customers about fake websites and malicious apps,' and 'check the latest threat data from Group-IB and other sources' to combat pig killing. Polovinkin also said that users can be careful about scams by being careful when opening links from unreliable sources, doing thorough research before applying for investments, and making sure to install apps from official websites.