Beware of this scam that uses apps listed on the App Store and Play Store; your money is at risk
You might be surprised to find out that "pig butchering" is going on in the App Store and Google Play Store but no animals are being hurt. According to BleepingComputer"Pig butchering" is a scam that involves phony websites, malicious advertising, and more. By getting through the App Store and Play Store's defenses, users have a false sense of security when installing these apps only to get bit in the ass.
Cybersecurity firm Sophos concluded that these attacks are designed to trick male Facebook or Tinder users into installing bogus apps by using fake female profiles with images stolen from other social media sites. These images portray a wealthy lifestyle with photos of exotic locations, five-star restaurants, and high-end retail stores. The fake apps promote phony investment scams.
The scam usually follows a particular script
The scam usually follows a particular script. The "woman" that the target is messaging says that she has an "Uncle" in the investment business and invites the target to install a particular cryptocurrency app on the App Store or the Google Play Store that will allow the target to trade cryptocurrency. After guiding the soon-to-be victim through the process of installing the "fake" app, the "woman" also helps the victim to make a deposit using the legitimate cryptocurrency app Binance and helps the mark transfer the sum to the fake app.
MBM_Bitscan app on the App Store
Sophos says that the malicious apps being used on the App Store are called "Ace Pro" and "MBM_BitScan" and "BitScan" on the Google Play Store. The apps allow the victim to withdraw small amounts from their accounts at first to gain the target's trust but lock the account preventing the withdrawal of larger amounts.
To get through the App Store's defenses. the bad actors involved in the scam submit an app signed with a valid certificate issued by Apple. This is a necessity for any app that appears on the iOS app storefront. Until the app gets Apple's approval, it acts normal; once approval is received, the domain name is changed and the app connects to a malicious server.
How this scam works
While different vendor names appear for the iOS and Android versions of the fake apps, they connect to the same command and control server (which sends directions to malware-controlled systems), from a domain that seems to impersonate a legit Japanese cryptocurrency exchange called bitFlyer.
Use common sense and you should be able to avoid getting ripped off
Now you see who the "pig" is getting butchered. The "pig" is the victim who is drawn into the scam through lengthy conversations. By allowing a small part of the initial deposit to be accessible to the target, the latter trusts the entire process and has bought into the scheme. While we hate to continuously hit you over the head with this, you need to check the comments section of any apps that you plan to install on your devices from developers that you've never heard of. If you see any red flags, do not install the app and run away...quickly.
Also, if you're on Facebook or Tinder and you're approached by a wealthy female looking to get you to invest in cryptocurrency, do not engage in a conversation with this "woman." And even if your hormones kick in and you can't help yourself, what the hell are you doing investing your hard-earned money without doing some research first? And cryptocurrency is no stranger to the seedy, scammy world of investment ripoffs.
And because only a few victims get hooked (this is a high-yield ripoff that depends on a low percentage of success to make plenty of money for the attackers), there aren't too many complaints about the apps. Still, if you use common sense and think with your brain instead of another part of the male anatomy, you should be able to avoid getting ripped off.
Things that are NOT allowed: