Two more apps involved in pig-butchering or CryptoRom scam were discovered on the App Store by a security firm, Sophos. Presented themselves as legitimate cryptocurrency trading applications to get approved by App Store and Google Play Store review teams, both apps changed their destination websites to steal thousands of dollars from unsuspecting users.
Last year, a fraud Chinese developer, NSLog released several scam apps on the Mac App Store. The developer published malicious apps through seven different Apple developer accounts which contained “command-and-control” malware to receive commands from a server to change their UI after being approved by the Apple review team.
Apple removes two Pig-butchering scam apps from the App Store
The malicious apps involved in the scam were a QR code scanning app called Ace Pro and a real-time data tracker for cryptocurrencies called MBM_BitScan. Both apps were carrying out “pig butchering” scams which include two fronts of deception.
- They fooled the App Store review team by temporarily accessing legitimate websites for data and after getting approved, they changed the destination websites.
- Like CryptoRom scams, scammers lured victims through social engineering and online dating platforms on to WhatsApp to encourage them to invest in cryptocurrency through their malicious apps. Scammers use the presence of the apps on the App Store and Play Store as a token of their authenticity.
Unfortunately, victims lost thousands of dollars by trading through malicious crypto trading services which deposited their money in the con teams’ account instead of the actual trading account. Sophos explained:
“In the case of the Ace Pro app, the malicious developers inserted code related to QR checking and other iOS app library code in the app to make it appear legitimate to reviewers. But when the app is launched, it sends a request to an Asian-registered domain (rest[.]apizza[.]net), which responds with content from another host (acedealex[.]xyz/wap).”
“It is this response that delivers the fake CryptoRom trading interface. It is likely that the criminals used a legitimate-looking site for responses at the time of the app review, switching to the CryptoRom URL later.”
For now, both apps have been removed from the App Store. However, it is not the first time scam apps have been found on Apple’s digital marketplace. Although the company argues that App Store is needed on iOS to protect users from malicious apps, the presence of multiple scam apps weakens that argument drastically.
Apple relaunched the ‘Report a Problem’ button on the App Store on iOS 15 for users to report problematic apps and the company said it removed 540,000 apps from the digital store in Q3, 2022, and stopped $1.5 billion fraudulent transactions in 2021. But it is not enough.