Scammers Sneak Trick ‘Pig-Butchering’ Apps onto Apple and Google App Stores

Tim Cook at Golden Globes
Frazer Harrison /Getty

A number of “pig-butchering” scam apps have reportedly made their way onto Apple’s App Store and the Google Play Store, leaving users vulnerable to scammers. The oddly named con originated in China and Taiwan, and involves “fattening up” targets only to swindle them for large amounts of money.

Ars Technica reports that according to the security company Sophos, two malicious apps that were part of a sophisticated scam network and were making millions of dollars a year were found to be available in the Apple App Store. The “pig butchering” scam uses a variety of tools, including apps, websites, web hosts, and people to gain the trust of their victims over the course of several weeks or months as part of a “long con.”

Google CEO Sundar Pichai testifies

Google CEO Sundar Pichai testifies (Alex Wong/ Getty)

Iowa pig farm

(Charlie Riedel/AP)

Pig-butchering scams frequently start with conversations about investments, usually involving cryptocurrency, and are initiated by someone posing as a romantic interest, financial advisor, or successful investor. The con artists initially permit withdrawals after the victim deposits money, but eventually lock the account and demand a deposit of up to 20 percent of the balance in order to unlock it. The money is never returned, even after the deposit is made, and the con artists keep coming up with new excuses for the victim to send more money.

The name of the scam comes from the life cycle of the con, where targets are first “fattened up” and later “butchered” for as much money as scammers can get.

Two iOS listings for CryptoRom, a type of pig butchering scheme that uses romantic overtures to win over its victims’ trust, were recently discovered by Sophos in the Apple App Store. The first app, Ace Pro, marketed itself as a QR code reader, and the second, MBM BitScan, claimed to be a real-time cryptocurrency data tracker.

Apple claims it follows a rigorous review process, which keeps malicious apps out of the App Store. However, the fact that these apps were available to download from official channels aid the scam immensely because victims were more likely to believe it came from a reliable source. By using remote content downloaded from hardcoded web addresses that initially delivered benign content during Apple’s review process but later changed to deliver malicious functionality, Ace Pro and MBM BitScan were able to get around Apple’s vetting process.

As soon as the victims began utilizing the apps, the con artists instructed them to send money into the Binance exchange and then from Binance to the fake app. Users appeared to be able to deposit and withdraw money and send and receive customer service requests in real-time using the fake interface.

The scammers’ complex organizational structure includes a head office at the top that oversees operations. It handles money laundering, a franchisee in the middle, and keyboarders at the bottom who deal with the majority of victim interactions. The con artists first gained notoriety in China and Taiwan, where they were successful, but when Chinese authorities cracked down, they fled to Cambodia and other small Southeast Asian nations.

Sophos researchers stated:

During COVID-19, many underdeveloped countries did not have jobs or sufficient social benefits to support those affected by economic disruptions. This pushed many young people into taking job offers in other countries’ special economic zones that promised high pay. Many of these were fraudulent job offers tied to pig-butchering rings; when workers arrived, they were transported to CryptoRom centers and had their passports confiscated.

Often, keyboarders are these trafficked victims, brought from countries like China, Malaysia and India with the promise of better-paid jobs. They are trained with pre-written scripts with instructions on how to interact, what to say to their victims, and how to bring them into investing. If they want to leave or do not follow the script, they are reportedly subjected to violence.

Apple representatives did not answer an interview request, but they did say that the apps were taken down from the App Store after the scam was discovered. In addition, the representative cited research showing that in 2021, the App Store stopped almost $1.5 billion in fraudulent transactions and stopped more than 1.6 million risky and dubious apps from defrauding users. While declining an interview request, Google PR stated that the app was taken down following a warning from Sophos.

Read more at Ars Technica here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan


Please let us know if you're having issues with commenting.