These apps, fished out by Google, although disguised as legitimate platforms, were allegedly part of an elaborate scheme that defrauded over 100,000 users globally.

The lawsuit targets Yunfeng Sun (also known as Alphonse Sun) and Hongnam Cheung (also known as Zhang Hongnim or Stanford Fischer), who Google believes are behind the scheme. 

The complaint alleges that since at least 2019, the pair uploaded a network of 87 fraudulent apps to the Play Store. These apps lured victims in with promises of high returns on cryptocurrency investments, but ultimately functioned as a way to steal users’ money.

According to Google, the scammers used a multi-pronged approach to attract victims. They launched text message campaigns, primarily targeting users in the US and Canada, using Google Voice to mask their identities. 

Additionally, they employed promotional videos on YouTube and other platforms to create an air of legitimacy. Finally, they utilized affiliate marketing schemes, offering commissions to users who recruited others to the fraudulent apps.

The lawsuit details how the apps were designed to appear trustworthy. Users were shown fabricated account balances and purported investment returns, fostering a sense of security. 

However, when users attempted to withdraw their funds, they were met with roadblocks. Some were initially allowed to withdraw small amounts to further incentivize investment, while others were hit with fees or minimum balance requirements – tactics Google claims were used to “bilk some victims out of even more money.”

Google is focused on user safety and highlights this lawsuit as a landmark effort. “This is a unique opportunity for us to use our resources to actually combat bad actors who were running an extensive crypto scheme to defraud some of our users,” said Halimah DeLaine Prado, Google’s general counsel. She further emphasized the lawsuit’s role in setting a precedent: “We don’t tolerate this behavior.”

The lawsuit seeks to recover damages exceeding $75,000 incurred by Google in investigating the scheme, and also permanently bar the defendants from accessing Google services and creating new accounts. 

Kaspersky experts have witnessed one such unusual scheme, in which attackers promote fake crypto services on YouTube.

They are trying to reach those interested in cheap cryptocurrency by leaving comments on popular videos – but of course, the currency won’t be received.

The scammers choose trending videos on YouTube and leave comments promoting a fake “breach” in the crypto market.

To make their message more visible, they falsify statistics in comments, and place bot replies to amplify the initial comment.

The comment encourages viewers to visit the author’s own YouTube channel and watch a video that provides instructions on how to benefit from a supposed exchange rate bug. Users may not notice that this video is the only one published on the channel.

The video is definitely fabricated: the edits in the exchange rate rows are visible to the naked eye, and the comments are packed with overjoyed feedback.

The video is definitely fabricated: the edits in the exchange rate rows are visible to the naked eye, and the comments are packed with overjoyed feedback.

The link under the video leads to fraudulent exchanger.

Once a user arrives on the webpage linked in the description, the victim sees a facility to exchange bitcoin – but if they use it, they will never see this money again, as the service is fake.

Once a user arrives on the webpage linked in the description, the victim sees a facility to exchange bitcoin – but if they use it, they will never see this money again, as the service is fake.

“Cryptocurrency is coping with difficult times because of a constant drop in exchange rates. Those who want to buy currency at the best price are frequently being targeted by fraudsters. Our recent investigation shows that today attackers resort to new, and more mainstream ways to reach their victims – even considering their YouTube preferences. We strongly recommend users carefully check the crypto resources they turn to and do not rely on random comments on YouTube,” comments Mikhail Sytnik, a security expert at Kaspersky.

Solutions:

To avoid scams, save money and keep personal data private, Kaspersky experts share the following simple tips:

Check any link before clicking:

Hover over it to preview the URL and look for misspellings or other irregularities. It’s also good practice to only enter a username and password over a secure connection. Look for the HTTPS prefix before the site URL, indicating the connection to the site is secure. 

Sometimes fake emails and websites look just like real ones:

It depends on how well the criminals did their homework. In particular, the hyperlinks will, most likely, be incorrect — with spelling mistakes.

However, the links can also be disguised to look like valid links and redirect you to a different page, impersonating the legitimate site.

To protect your data and finances, it is good practice to make sure the online checkout and payment page is secure:

You’ll know it is if the web page’s URL begins with HTTPS instead of the usual HTTP; an icon of a lock will also typically appear beside the URL and the address bar in some browsers will be green. If you don’t see these features, do not proceed.

Use a trusted security solution that can help you check the security of the URL that you’re visiting and also provides the ability to open any site in a protected container to prevent theft of sensitive data, including financial details.