
With every online fad that promises to change how you do something forever, there always comes a brand new way to scam people. Cryptocurrency is no exception.
The latest scheme is a campaign based in Africa and Asia sharing fraudulent cryptocurrency investment platforms designed to mimic real platforms. Find out how the scammers trick victims and who’s behind it.
Key details about the scam
Research from Unit 42 discovered that these shady platforms are generally promoted on a related website. These sites are often designed to look like a well-known brand or reflect a current trend, such as retail establishments, luxury brands, or cryptocurrency exchanges. They post a link to an Android mobile app, which cannot be found on Google Play (a sure sign something isn’t right).
So, how do they lure and defraud users? Apart from looking a lot like popular brands, these platforms promise unrealistically high investment returns. One package claimed to yield a daily return of $3 on an $11 principal investment. According to Unit 42:
“This represents a daily return on investment (ROI) of 27% that, when compounded, will yield an annual ROI of at least 2,650%. Such figures are unrealistic and should raise immediate red flags.”
As if shady investments weren’t enough, these scams often offer affiliate commissions for recruitment, similar to a pyramid scheme or multi-level marketing program. Members are then believed to use social media to attract and sign up more members.
Because of the nature of the scam, where victims are essentially tricked into luring in more victims, it may have quite a large reach. Related Telegram channels have thousands of members, with researchers finding one boasting 29,000.
The apps also require sensitive permissions from the user, which the attackers could potentially misuse.
Who’s behind the scam
Because of the similarity of these shady sites and related apps, researchers believe it’s either multiple users using the same scam toolkit or a single user. This toolkit provides basic design elements to create a website and mobile app, such as brand names, images, multimedia, and copy. All these websites also use a similar front-end design framework, the Document Object Model (DOM) element. Additionally, all the mobile apps are Android, which likely made it a simpler task for the potential toolkit creator.
The domain registrations for these sites provide evidence for a single threat actor. Looking into passive DNS records, researchers found that 15 domains were registered per day. Most registrations occurred in Singapore, which has relaxed registration rules. Commonalities of these registrations include similar registration records, similar hosting infrastructure, and similar SSL certificates.
The takeaway
This campaign has all the hallmarks of a classic online scam, from impersonating well-known brands to promising too-good-to-be-true rewards. Avoid becoming a victim by always keeping your wits about you online. Don’t sign up for unfamiliar sites, avoid apps that can’t be found in app stores, and don’t hand over your cash to entities or people you’re not 100% certain are legit.

Cora is a digital copywriter for SSLs.com. Having eight years of experience in online content creation, she is a versatile writer with an interest in a wide variety of topics, ranging from technology to marketing.