Fake Apps Masked as Cryptocurrency, Trading, Banking Apps Duping iOS, Android Customers: Sophos

Counterfeit apps are impersonating major financial firms and popular cryptocurrency trading platforms, including Barclays, Gemini, Bitwala, Kraken, Binance, BitcoinHK, Bittrex, BitFlyer, and TDBank.

Advertisement
By Tasneem Akolawala | Updated: 14 May 2021 14:24 IST
Highlights
  • To bypass App Store, scammers exploit Apple’s a Super Signature process
  • Sophos found this issue while investigating fake app of Goldenway Group
  • Schemes to download these fake apps are leveraged through dating sites

Links to both iOS and Android platforms for these fake apps are made available

Photo Credit: Sophos

Several counterfeit versions of popular cryptocurrency trading, stock trading and banking apps have been discovered by Sophos on iOS and Android platforms, designed to steal sensitive information. All those who download these fake apps can be potential victims of data theft. Counterfeit apps are impersonating major financial firms and popular cryptocurrency trading platforms, including Barclays, Gemini, Bitwala, Kraken, Binance, BitcoinHK, Bittrex, BitFlyer, and TDBank. Sophos found these fake apps while looking into a fraudulent mobile trading app that masqueraded as one tied to a well-known Asia-based trading company, Goldenway Group.

Sophos says that schemes to distribute these fake apps are leveraged though dating sites and social media. These apps are made cleverly to look like those belonging to the actual legitimate ones. “These websites forwarded victims to third-party sites that delivered iOS mobile applications via configuration management schemes, iOS mobile device management payloads carrying “Web Clips”, or Android apps depending on the device used, the report by Sophos notes.

Advertisement

The report details one victim's misery wherein he touched base with the scammers through social media and a dating site. The scammers befriended the victim and shifted communications to a messaging app. They avoid requests for face-to-face meetings, citing the COVID-19 pandemic. After gaining trust, they then convinced the victim to download a cryptocurrency trading app, sending the victim a link. They even walked the victim through the installation process and encouraged him to buy cryptocurrency and transfer it into their wallet. After the transfer was made, the scammers blocked the victim's account and ended communication.

The fake app that the victim was tricked to download was an impersonation of the Hong Kong-based trading and investment company called Goldenway Group. The company is aware of this scam and even has posted a warning on the company's actual website with an alert about fraudsters scamming users with a similar named site and asks its users to steer clear of such apps.

Advertisement

To bypass the App Store, scammers use third-party services to deploy what's known as a Super Signature process. This allows app developers to use Apple's ad-hoc application distribution method to deliver applications to iOS devices—a process intended to allow developers to distribute apps directly to a limited number of devices for testing. However, it is being abused by malicious pp developers. Scammers even used the Web Clips technique to dupe iPhone customers.

To avoid falling prey to such malicious apps, practice the following guidelines.

  1. Users should only install apps from trusted sources such as Google Play and Apple's App Store.
  2. Developers of popular apps often have a website, which directs the users to the genuine app.
  3. Users should verify if the app was developed by its genuine developer.
  4. Install an antivirus app on your mobile device.
 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Redmi Note 17 Pro Global Variant Appears on NBD Database Alongside Poco Model
  2. Airtel Revises Postpaid Portfolio, Removes Rs. 549 Individual Plan
  3. OnePlus Exits US, Europe, Continues Operations in India: 5 Things to Know
  4. Oppo K15 Launch Date Confirmed; Key Specifications Revealed Ahead of Debut
  1. Redmi Note 17 Pro Global Variant Reportedly Appears on NBD Database Alongside Poco Model
  2. Google Pixel 11a Codename Reportedly Spotted in Phone App
  3. Huawei Mate XT 2 Leaked Patent Reveals New Tri-Fold Design and Folding Mechanism
  4. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot: Here's What We Know So Far
  5. Lenovo Legion C700 Teased as a Cloud Gaming Handheld Ahead of August Launch
  6. Marvel's Wolverine Gets New Trailer That Will Play Ahead of Christopher Nolan's The Odyssey in Select Theatres
  7. Airtel Quietly Removes Rs. 549 Individual Postpaid Plan in India; Rs. 699 Plan Becomes Next Upgrade
  8. Poco M8 Power, Poco X8 India Launch Timeline Tipped; Could Arrive as Rebranded Redmi Note 17 Series
  9. Samsung Galaxy S25 Series Could Get Galaxy S26’s Horizontal Lock Camera Feature With One UI 9 Update
  10. Asus Pad India Launch Date Announced as Company Reveals Key Specifications
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.