The Federal Bureau of Investigation (FBI) is warning American citizens to be extra careful when downloading cryptocurrency and investment apps, as some of them are fake and designed only to steal victim’s money.
“The FBI has observed cybercriminals contacting US investors, fraudulently claiming to offer legitimate cryptocurrency investment services, and convincing investors to download fraudulent mobile apps, which the cybercriminals have used with increasing success over time to defraud the investors of their cryptocurrency,” the Bureau said (opens in new tab).
The organization claims criminals have so far defrauded 244 victims out of $42.7 million.
Impersonating the US government
While there are bound to be more, the FBI pointed its finger toward two unique apps – Yibit, and Supayos as some of the main culprits.
Active since October and November 2021, respectively, the app operators managed to convince gullible retail investors to deposit their money into these apps, only later to withdraw them themselves. What’s more, since late 2021, some of the attackers impersonated (opens in new tab) US financial institutions for the same goal.
Even though the cryptocurrency world is in a deep bear market (Bitcoin has lost roughly two-thirds of its value since November 2021), cybercriminals are as active as ever. Some of them are using advanced techniques, such as deepfake videos, to trick people into thinking high-profile individuals endorse their projects.
Others are creating fake social media accounts of attractive women, asking for “help” or inviting people into co-investing in projects that promise high returns on their investments.
Cryptominers, malware that mines cryptocurrencies, are as popular among cybercriminals as ever before, and tokens are still the number one payment method in ransomware attacks.
The FBI urges everyone to be extra careful when downloading apps, to make sure they’re only downloading from legitimate sources (for example, Google’s and Apple’s mobile app repositories), and to have two-factor authentication enabled on all accounts.