
'Pig-Butchering' Scam Apps Sneak Into Apple's App Store and Google Play (arstechnica.com)

In the past year, a new term has arisen to describe an online scam raking in millions, if not billions, of dollars per year. It's called "pig butchering," and now even Apple is getting fooled into participating. From a report: Researchers from security firm Sophos said on Wednesday that they uncovered two apps available in the App Store that were part of an elaborate network of tools used to dupe people into putting large sums of money into fake investment scams. At least one of those apps also made it into Google Play, but that market is notorious for the number of malicious apps that bypass Google vetting. Sophos said this was the first time it had seen such apps in the App Store and that a previous app identified in these types of scams was a legitimate one that was later exploited by bad actors.

Pig butchering relies on a rich combination of apps, websites, web hosts, and humans -- in some cases human trafficking victims -- to build trust with a mark over a period of weeks or months, often under the guise of a romantic interest, financial adviser, or successful investor. Eventually, the online discussion will turn to investments, usually involving cryptocurrency, that the scammer claims to have earned huge sums of money from. The scammer then invites the victim to participate. Once a mark deposits money, the scammers will initially allow them to make withdrawals. The scammers eventually lock the account and claim they need a deposit of as much as 20 percent of their balance to get it back. Even when the deposit is paid, the money isn't returned, and the scammers invent new reasons the victim should send more money. The pig-butchering term derives from a farmer fattening up a hog months before it's butchered.

  • Just say no (Score:2, Interesting)

    by Darinbob ( 1142669 )

    I have an iPhone. I have never once typed in my credit card number on it, Apple does not have my credit card number either, I cannot use their store, I have to dig through files to even find my password. The drawback is that I'm reminded lots to please enter my password (sometimes less than a second after I click "cancel"), but the upside is that they can't steal my money, or get my money w/o stealing, and the amount of effort involved to allow them to get my money is big enough that I will never do it.

    • Re:Just say no (Score:4, Informative)

      by Powercntrl ( 458442 ) on Wednesday February 01, 2023 @04:52PM (#63258191) Homepage

      So, what you're saying is you're inconveniencing yourself even though practically every credit card company under the sun offers zero liability for promptly reported fraudulent transactions?

      My mother had her physical card skimmed at a gas station about a year ago. Thanks to how easy Apple makes it to track transactions, she was able to almost immediately report the fraud, lock the card, and request a replacement - all right from the wallet app.

      • So, what you're saying is you're inconveniencing yourself even though practically every credit card company under the sun offers zero liability for promptly reported fraudulent transactions?

        My mother had her physical card skimmed at a gas station about a year ago. Thanks to how easy Apple makes it to track transactions, she was able to almost immediately report the fraud, lock the card, and request a replacement - all right from the wallet app.

        This. My CC automatically stops everything if they get a hint of something wrong. ApplePay as well. They even do it if I make a large purchase. I get a phone call to approve the expenditure.

        One time my SO and I tried to buy gas in two different cities at the same time. Same thing happened. The security is pretty good.

        I think he's confused about who the money is coming from. Hard to imagine anyone using their credit card to make investments.

    • I have an iPhone. I have never once typed in my credit card number on it, Apple does not have my credit card number either, I cannot use their store, I have to dig through files to even find my password. The drawback is that I'm reminded lots to please enter my password (sometimes less than a second after I click "cancel"), but the upside is that they can't steal my money, or get my money w/o stealing, and the amount of effort involved to allow them to get my money is big enough that I will never do it. The "just one click" model for convenience is a bad idea financially.

      (ok, I have $10 in ChargePoint but it was added outside of the app)

      That's nice, but Apple is not the outfit scamming people, so your self policing won't do a thing regarding this.

      And you really shouldn't have a credit card at all if you are that concerned - they are compromised all the time.

    • by znrt ( 2424692 )

      these apps do not "hack" your phone, they aren't really "malicious", they are just vehicles for "social engineering" to enable regular old fashioned manual scams where the victim is patiently "worked on" over a period of time. it is unrelated to your phone usage habits, or your phone's security, privacy or lack thereof except for the fact that those apps are actually available through the store.

      other than that, yeah, i don't pay with my phone either, it has zero advantages over using a card and just adds a

    • by gweihir ( 88907 )

      I frequently use my credit card for purchases over the Internet. These days it is basically always via some intermediary financial provider like PayPal and a 2nd factor confirmation and I have not gotten scammed except occasionally (rarely) on some $5 Ebay or Alibaba purchases where they did not deliver or delivered crap. That is something which I do not really care about, I just factor that into the price and which is not strictly a credit-card scam. I did have altogether something like 3 genuine fraudulen

    • I don't have an iphone but I treat my phone as a hostile device. I've removed all the (cr)apps and wouldn't dream of linking it to my bank account, or adding any bank card details to it. I use it purely as a telephone and only switch on mobile data on the rare occasions I'm using it to get directions. As far as I'm concerned a phone is a totally insecure mobile computer which is easily lost and trivially crackable. If mine is ever lost/stolen and cracked they'll get a list of my phone contacts and a shor

  • The pig-butchering term derives from a farmer fattening up a hog months before it's butchered.

    Why would it not then be called "pig-fattening" or "hog fattening", which would be quite self-explanatory? What kind of idiot comes up with these terms and how do they propagate?

    • More to the point, it's a pretty standard targeted scam that has been done since grifting was invented. But I guess it's special because something something bitcoin.
    • The pig-butchering term derives from a farmer fattening up a hog months before it's butchered.

      Why would it not then be called "pig-fattening" or "hog fattening", which would be quite self-explanatory? What kind of idiot comes up with these terms and how do they propagate?

      Any of those names are pretty dopey. I doubt most urbanites have no idea of anything other than "butchering" sounds scary.

    • ...What kind of idiot comes up with these terms and how do they propagate?

      Gee, I dunno, let me pull this Apple out of my pocket and Google why that is. Maybe some human is Tweeting about it, or made a TikTok that would help explain this.

      Fucking seriously. A bellybutton, is not a window.

  • Oh hey! Let me give this random phone app 1000s upon 1000s of dollars.
    Get what you deserve. This is no app on any phone store that is worth paying money for, even if there was, no app is worth giving Google/Apple 30% for such a shitastic product.
    • No they don't. (Score:5, Insightful)

      by Brain-Fu ( 1274756 ) on Wednesday February 01, 2023 @04:59PM (#63258215) Homepage Journal

      Nobody deserves to be victimized by crime, even if they make mistakes. The criminals are the ones at fault, and they deserve punishment. Maybe people do have a responsibility to strengthen their critical thinking skills and their Internet "street smarts" before tossing money around, but even this does not make them "deserve" crimes that others commit against them.

      So, awareness-raising like this very article is one way that we can help people avoid this victimization. And it is a good thing to do, because nobody can "just know" what scams are currently popular nor what the vectors of attack are. Victim-blaming is both mean-spirited and harmful.

      Further, it sounds like the primary attack vector here isn't the app, but the social engineering. Human interaction is used to create trust (and in some cases love), which is how people are lured into the scams. So the awareness-raising isn't just about technical street-smarts, but also about cultivating a healthy level of distrust of new acquaintances and romantic interests.

      • Oh hey! Let me give this random phone app 1000s upon 1000s of dollars.
        Get what you deserve. This is no app on any phone store that is worth paying money for, even if there was, no app is worth giving Google/Apple 30% for such a shitastic product.

        Nobody deserves to be victimized by crime, even if they make mistakes

        In the context of the quote above yours, I would have said "Nobody deserves to be victimized by crime, even if they are stupid".

      • Victim-blaming is both mean-spirited and harmful.

        In the case of investment scams, the victim blaming stems from the idea that if the victim hadn't allowed their own greed to cloud their judgement, they wouldn't have gotten scammed. When someone is giving you the hard sell on an investment which supposedly promises massive returns, that should immediately raise a huge red flag. But for some people, their critical thinking immediately shuts off and they're like "monkey brain want to be rich!"

      • by znrt ( 2424692 )

        Nobody deserves to be victimized by crime, even if they make mistakes. The criminals are the ones at fault, and they deserve punishment. Maybe people do have a responsibility to strengthen their critical thinking skills and their Internet "street smarts" before tossing money around, but even this does not make them "deserve" crimes that others commit against them.

        well, this aint old lads/ladies scammed for a little bit of love and affection, this sort of scam only works on greed, so it's just right to fight crime and all that, but anyone falling for this particular scam is clearly at fault, and after the whining would be wise to thoroughly re-examine their own priorities in life, particularly greed on how it can't possibly bring them the imagined happiness.

        • Nope, you and Powercntrl are still both wrong.

          First of all, seeking to profit from an investment is not "greed." There is nothing at all wrong with wanting to make money, and investing is a perfectly legitimate way of doing that. Legitimate investing harms no one, sends cash to reinforce efforts the businesses make at producing desired products or services, and rewards the investor for that risk when the business does well. It's how the system should work.

          Secondly, in the case of these scams, the victim i

          • by znrt ( 2424692 )

            i didn't say they deserve it, i said they were at fault and should re-evaluate their priorities. i guess, since we both aren't really "sorry" for them, this is just a conceptual discussion.

            like most human behavior this is not a clear cut black and white issue. you paint a very extreme picture where blind trust is placed in a stranger to stress that such is no "moral fault" but being stupid. i wont really dispute that, but at some point and to some extent it is the prospect of getting an unreasonable profit

    • by Somervillain ( 4719341 ) on Wednesday February 01, 2023 @05:45PM (#63258309)

      Oh hey! Let me give this random phone app 1000s upon 1000s of dollars. Get what you deserve.

      The apps spoof real financial services firms. I looked up the company for a fake one and the company was legit (the app wasn't owned by the company, but it was hard figuring that out). I've been contacted by one of those. They have VERY elaborate fake exchanges that are quite convincing. During COVID, some woman texted me with a wrong number "Hey Dana, please text me back. I'm waiting at the restaurant now." I texted back that she had a wrong number and the woman thanked me for being so nice and made some small talk, including thanking me for letting her practice her English. Since I am learning Spanish as well, I was sympathetic. She kept texting me nice little texts...put a lot of effort into them. I'm happily married, so I didn't think too much of it...just figured she had moved before COVID and didn't know many people in the US. She mostly asked about my kids...no romance...talked about crypto. I mentioned casually that it sounds interesting, I should look into it and 1 week later about 1000 texts afterwards, she started trying to scam me.

      Since I had chatted with her for a week, I trusted her a bit and looked at her site. I looked up the company she said was running it. Everything on the site looked legit, but I couldn't find the link or news report for the product from their side...so that was an anomaly. When I declined to invest, she started pressuring me and I realized she was a scammer...but truth be told, I can see how many would fall for this...especially after you've chatted with someone for 2 weeks. The story was convincing.

      There were a few red flags I see in retrospect in case someone else gets one of these wrong number scams:

      1. Hot women in their late 30s who are divorced (and thus available) and immigrants (so they have a plausible reason to feel isolated enough to chat with a stranger) and lonely enough to chat to married man (usually a father). I thought she was just someone longing for kids with no family here...I know a dozen women like that at work, so I thought nothing of it.

      2. Praise for little things "Oooh, you're not racist towards hot Asian women?...you're really nice for an American" In fairness, I know a bunch of people who are too generous with compliments because their English is too poor to hold a conversation, so they flatter you...so I thought it was odd, but assumed she was like half a dozen Chinese women I know at work...who give fake, almost condescending, compliments because their language skills are terrible.

      3. Saying they're local, but not getting local references...if someone says they're from Portland, ask them how the traffic is on the 84, for example, or ask when the rain stopped for them. There were some anomalies with the woman chatting, like being confused when I talked about the heat during a heatwave...or not knowing a restaurant in her town...but I assumed it was a language barrier issue because I am a software engineer and so used to people who can't speak English for shit.

      4. Lots of conversation about leisure. All the time they have to eat out and enjoy their money and sushi is a common theme from what I've read. Most of us in our 30s or older don't eat out for nice lunches alone every 2 days...but that's part of their whole scam...to get you thinking they're so wealthy they never have to worry about money and can be so frivolous.

      5. The obvious one...pressuring you to invest. That's when I figured it out.

      I wish I hadn't wasted 2 weeks talking to this woman about her workout routine or sushi or Asian culture...but I kinda noticed the red flags before, but I know so many Asian women who suck at English at work and just talk in broken sentences or give fake compliments out of timidness or get lonely and want to talk to people. So she did give an elaborate explanation and was knowledgeable and I was actually tempted to make a small transac

      • During COVID, some woman texted me with a wrong number "Hey Dana, please text me back. I'm waiting at the restaurant now." I texted back that she had a wrong number and the woman thanked me for being so nice and made some small talk, including thanking me for letting her practice her English.

        My partner gets these sort of weird texts all the time. He's always incredibly rude to them because they all do the lonely woman routine and he's like "bitch, I'm gay, I don't care!". It's funny to think about that if he'd followed them to their conclusion they'd turn out to be crypto scams.

        Meanwhile, all I ever get are the boring voicemails trying to sell me an extended warranty for my car.

        • They prey on people being decent human beings. Despite frequently being an asshole on /., I am actually generally a nice guy. It's in my nature to help people. Now I can't even be polite to strangers texting me wrong numbers. I have to assume they're scammers...just like I assume all calls from unknown numbers are scammers, typically from another continent. It's eroding our basic decency to have to assume the worst of any person communicating with us electronically.
      • Thanks for the "case study", it was interesting.

  • an elaborate network of tools used to dupe people into putting large sums of money into fake investment scams

    I thought we already had a buzzword for this scam: cryptocurrency.

  • by Alain Williams ( 2972 ) <addw@phcomp.co.uk> on Wednesday February 01, 2023 @05:17PM (#63258267) Homepage

    a good culinary combination

  • Maybe with a little higher effort levels and some refinement. There is a sucker born every minute...

    • I kinda miss getting Nigerian scam emails in the same way I miss the goatse links on Slashdot. It's like a familiar pothole on the information superhighway has been paved over. Yeah, we're better off for it, but being online just somehow doesn't feel the same.

      • by gweihir ( 88907 )

        You can still get them. It is just that most email providers filter them out these days. As I run my own mail server, I still get the occasional one.

  • lonely old men (Score:4, Informative)

    by John_Sauter ( 595980 ) <John_Sauter@systemeyescomputerstore.com> on Wednesday February 01, 2023 @06:44PM (#63258429) Homepage

    A friend of mine fell victim to pig-butchering.

    My friend is a former co-worker, now a divorced, elderly man who lives alone. His children do not respect him and his computer programming skills have declined enough that he chooses to live on Social Security plus an occasional translation gig: he was born in China and speaks Mandarin but has lived in the United States for 50 years and speaks English well.

    I know his story because we have lunch once a week and talk about our lives. Doing this is good for both of us, since we are about the same age.

    My friend is frequently criticized by his ex because he is always chasing young girls on the internet. He generally has several relationships going at any one time. Chatting in Chinese is hard, though: entering a Chinese character requires several keystrokes, and by the time he has gotten the next character specified, he forgets what he was chatting about!

    One girl he connected with spent several weeks chatting him up, inquiring what he had eaten for breakfast in the morning and wishing him a good night in the evening. She showed him how to use an investment tool and persuaded him that by investing his money he could earn large returns. I warned him that this was likely a scam, but he was so enamoured with this girl that he invested anyway. When he couldn't get his money out of the so-called investment the girl told him that he would have to put an additional 50% of his investment into the account in order to have withdrawal privileges. I advised him not to, saying it was just another lie, and his money was gone. He reported the scam to the FBI and the local police, but so far nothing has come of it.

    The point of my story is that pig butchering is not only based on greed. It can also be based on young girls showing an interest in lonely old men.

    • I just read parts of TFA to my wife and she goes, yeah my boss is one of those pigs. Turns out her boss has recently met someone online. At this stage it's Apple Music vouchers of $100.
    • I warned him that this was likely a scam, but he was so enamoured with this girl that he invested anyway.

      This is one part which fascinates me greatly - that even when warned by friends or relatives, who they know well and trust, the mark ignores that and proceeds. I have seen this myself but still do not understand.

      • I warned him that this was likely a scam, but he was so enamoured with this girl that he invested anyway.

        This is one part which fascinates me greatly - that even when warned by friends or relatives, who they know well and trust, the mark ignores that and proceeds. I have seen this myself but still do not understand.

        His explanation is that he "didn't have his head screwed on straight". A man who becomes infatuated with a woman will often act irrationally.

  • by redelm ( 54142 ) on Wednesday February 01, 2023 @06:55PM (#63258459) Homepage

    Just another version of the "Long Con" (see wiki). Nicely portrayed in "The Sting". Now more profitable because multiple long-cons can be run concurrently with electronic communications the norm.
