Cybercriminals are found using fake cryptocurrency investment applications to steal from U.S. investors. They have already stolen around $42.7 million of funds from 244 victims.
Use of fake apps to defraud investors
Further, the attackers convince investors to download bogus mobile apps, which the attackers have used with growing success over time to fool investors into giving away their cryptocurrency.
- Between December 2021 and May 2022, other cybercriminals impersonated a genuine U.S. financial firm to defraud other victims. The attackers stole millions of dollars worth of cryptocurrency.
- Those attackers used a similar tactic, fooling victims into installing a fake app and depositing cryptocurrency into wallets claimed to be associated with the victims' accounts on the app.
Attacks details
The FBI has warned that fraudsters were using various company names, such as Yibit and Supayos (aka Supay).
- The attackers contacted numerous U.S. investors and offered legitimate cryptocurrency investment services.
- Between October 4, 2021, and May 13, 2022, the fraudster behind YiBit company defrauded four victims of approximately $5.5 million.
- Between November 1 and November 26, 2021, the fraudsters behind the Supayos company had defrauded around two victims.
Similarly, cybercriminals fooled many targets into installing fake apps and deposit funds into wallets believed to be linked with the victims' app accounts.
Recommendation
The FBI recommended investors stay vigilant against prompts to install investment apps from unknown people. To verify if the company behind such apps is genuine or not, visit the official website. Further, enable MFA on all of the accounts and reject requests to use remote access apps.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/8b71_shutterstock_1628208907.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/iStock-517632350.jpg)
