‘Pig Butchering’ Trading Apps Found Lurking on Google Play and App Store

Published on October 4, 2024
Written by:
Lore Apostol
Lore Apostol
Cybersecurity & Streaming Writer
Created using Copilot | Powered by DALL.E 3

A new wave of "pig butchering" scams infiltrated Google Play and Apple's App Store. These fraudulent trading apps enticed victims with promises of high investment returns, only to defraud them of their funds, as per cybersecurity firm Group-IB.

Essentially, these apps are designed to steal users' funds by tricking them into investing via false versions of real trading and cryptocurrency platforms. This type of attack works by directing unsuspecting users to a counterfeit version of a legitimate trading app through phishing links or fake advertisements. 

This type of scam not only results in financial loss but also exposes victims to identity theft, given the sensitive documents requested by the fraudulent apps, as people are asked to upload identification documents, such as an ID card or passport, as well as personal information and job-related details.

Fraud steps (Source: Group-IB)

Recent investigations identified several fake trading apps operating under the guise of legitimate financial tools. These apps, including SBI-INT (iOS), Finans Insights (Android), and Finans Trader6 (Android), were downloaded thousands of times before their removal from official app stores.

Group-IB classifies these applications under the "UniShadowTrade" malware family, which is built using the UniApp framework. The apps impersonated legitimate trading and cryptocurrency platforms, deceiving users into uploading sensitive documents and diverting them to sham trading platforms accessible only via invitation codes.

Victims, lured by the promise of substantial investment returns, unknowingly contributed funds that were swiftly redirected to the fraudsters' accounts. 

In other recent news, an app mimicking the legitimate WalletConnect went undetected on the Play Store, luring more than 150 victims via fake reviews and high-ranking search results. The cybercriminals stole around $70,000 over the course of five months.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: