The FBI has issued a warning that threat actors are stealing millions of dollars in cryptocurrency by impersonating play-to-earn gaming apps. According to the agency, cybercriminals are luring users with financial incentives, prompting them to create a cryptocurrency wallet, purchase cryptocurrency, and join a specific game app.
Fake play-to-earn app
The apps are designed to accrue fictitious rewards that vanish when users stop depositing funds into the linked wallets. Criminals then use a malicious program to steal the money, which is activated when users join the game. Even if victims pay additional fees to reclaim their funds, they are unable to do so.
The FBI recommends that users create separate wallets for their primary cryptocurrency holdings and use third-party blockchain explorers to independently verify the balances of addresses in gaming wallets. Furthermore, a third-party token allowance checker can assist users in determining which sites or apps have been granted access to their funds.
This attack model employs social engineering schemes in which attackers contact victims online and develop a relationship with them over time in order to entice them to download fake apps.
According to Sophos cybersecurity, cybercriminals have discovered a way to add fraudulent apps to Apple and Google’s official app stores in order to carry out “pig butchering” scams. Remote content is being used by scammers to provide codes that allow fraudulent apps to appear legitimate to app store reviewers. When the apps are approved, they display a fake CryptoRom trading interface.