Security researchers from Sophos have identified more than 150 fake iOS and Android apps that are designed to steal funds and financial information from potential victims. These apps masquerade as popular banking, finance and cryptocurrency services and curiously all link back to a single common server. This indicates that there is likely just one major crew at the helm of this operation.
In a blog post, Sophos published the extent that these threat actors are willing to go to for their apps to be downloaded on the victim's phone. One such victim was approached through a social media dating site and the scammers, "befriended the victim, and shifted communications to a messaging app. They avoid requests for face-to-face meetings, citing the Covid-19 pandemic. After gaining trust, they then convinced the victim to download a cryptocurrency trading app, sending the victim a link."
Once the victim was charmed into downloading the app on to their devices, they were then "encouraged" to buy cryptocurrency. Once the transaction went through, the scammers blocked the victim's account and disappeared.The takeaway here is to not trust someone online, no matter how genuine they appear to be. Never download any apps from anywhere other than Google's Play Store or Apple's app store. Ignore malicious links that tell you to download apps.