In the victim’s case, the bogus app was intended for a Hong Kong-based trading and investment company called the Goldenway Group – with download links for iOS or Android.
Fraudsters then walked the victim through the installation process and encouraged them to buy cryptocurrency and transfer it to their wallet.
When the victim later applied for the virtual currency to be retransferred, the scammer apologized before blocking the victim’s account.
But that one app was just the tip of the iceberg. Sophos continued, “When we investigated the rogue Goldenway app, we found that the scheme was much broader. We found hundreds of fake trading apps pushed through the same infrastructure, each disguised to look like that official trading apps looked by various financial organizations. “
Sophos went on to explain that some of the fake apps they investigated were designed to have a user interface that was exactly like their legitimate counterparts.