The fraudsters approached their victims by creating fake profiles on Tinder and Facebook, and then asked them to move their conversations to WhatsApp, where they were encouraged to download the The Ace Pro and MBM_BitScan apps.
Although The Ace Pro app was listed as a QR scanner app and MBM_BitScan was promoted as a a real-time data tracker for cryptocurrencies on the app stores, they both had fake crypto trading interfaces that were used by the fraudsters to steal money from the victims. One of the victims lost about $4000 using the Ace Pro app, Sophos said.
In order to bypass the review process, fraudsters first connected their apps to a benign server before submitting them, and then switched to the malicious server after the approval which enabled them to change the apps’ functionality.
The cybersecurity firm added that both Google and Apple have been notified about the fraudulent apps and removed them from their marketplaces.