May 17, 2021

IT security company Sophos has identified a stash of 167 counterfeit Android and iOS apps that attackers are using to steal money from people who believe they have installed a financial trading, banking or cryptocurrency app from a well-known and trusted organisation. A report on the findings, “Fake Android and iOS apps disguised as trading and cryptocurrency apps”, shows how the attackers used social engineering techniques, counterfeit websites, including a fake iOS App Store download page, and an iOS app-testing website to distribute the fake apps to unsuspecting users.

Sophos researchers investigated the fake apps and found that many were very similar. Some included an embedded customer support “chat” option. When researchers tried to communicate with the support teams using the chat, the replies they received used near-identical language.