Kaspersky experts have uncovered a new and active malicious campaign that preys on the most popular topics in the media to steal personal information using a series of counterfeit applications on Google Play. Capitalising on users’ desire to make money easily, the apps and websites make grandiose claims promising risk-free daily profits of up to $9,000 with an initial investment of just $250 without the need for specialist/technical skills.
Fraudsters are constantly on the lookout for innovative ways to execute their scams, adapting swiftly to social trends and enticing users with irresistible offers. This latest campaign is designed to exploit the popularity of topics in the media such as AI, chat bots, Elon Musk, and cryptocurrency to steal personal data through fake apps and phishing websites.
Once victims have installed, opened, and submitted personal details in the app, a message appears assuring the victim that the registration was successful and instructs them to await a call from a representative broker with further guidance. Scammers then call the victim to provide detailed information about the investment process and encouraging them to invest money by promising unusually high returns. To start earning profits, the victim is instructed to transfer money to the scammer's wallet. This results in the victim losing their money and not receiving the promised returns. Additionally, the stolen data is obtained during these attacks can find its way into the dark corners of the internet on forums used for illicit purposes.
In addition to the fake Google Play applications, Kaspersky researchers have identified phishing pages that employ similar techniques and structure. It is highly likely that these phishing attacks are orchestrated by the same operator responsible for spreading the fake applications. This indicates that the fraudsters behind these scams are diversifying their methods to generate income and are attempting to target as many victims as possible.
Kaspersky has reached out to Google and warned about the fraudulent apps stored in Google Play.
Igor Golovin, security expert at Kaspersky, explains, “ Fraudsters are constantly evolving their tactics to exploit the latest trends and technologies. From fake applications to phishing pages, they leverage enticing baits and deceptive designs to target unsuspecting users. By diversifying their methods of attack, these cybercriminals aim to maximize their potential victims. “It is imperative for individuals to stay vigilant, exercise caution, and be aware of the ever-present threats in the digital landscape,” comments Igor Golovin, security expert at Kaspersky.
To protect yourself from investment fraud, Kaspersky experts also recommend:
- Be cautious of suspicious links and emails: Avoid clicking on unfamiliar or suspicious links, especially those received through emails, messages, or social media platforms. Verify the source and integrity before interacting with any links or attachments.
- Be cautious with personal information: Be mindful of sharing personal information online, especially on public platforms. Avoid providing sensitive details unless you are certain of the justice and security of the website or service.
- Use reputable security software: Install and maintain reputable antivirus and anti-malware software on your devices. Regularly scan your devices for potential threats and keep your security software up to date. Kaspersky premium protects its' users from known and unknown online investment scam schemes.
- Educate yourself about common scams: Stay informed about the latest cyber threats, phishing techniques, and social engineering tactics. Be cautious of unsolicited requests, suspicious offers, or urgent demands for personal or financial information.
- Trust your instincts: If something seems too good to be true or feels suspicious, trust your gut instinct. If you are unsure about a particular website, link, or communication, err on the side of caution and refrain from engaging with it.