Google has filed charges against two app developers for participating in an “international online consumer investment fraud scheme” that tricked users into downloading fake Android apps from the Google Play Store and other sources and stole their funds under the guise of promises of higher returns.
The individuals in question are Yunfeng Sun (aka Alphonse Sun) and Hongnam Cheung (aka Zhang Hongnim or Stanford Fischer), who are believed to be in Shenzhen and Hong Kong respectively.
The defendants are said to have uploaded around 87 crypto apps to the Play Store to carry out a social engineering scam since at least 2019, with more than 100,000 users downloading them, leading to substantial financial losses.
“The gains conveyed by the apps were illusory,” the tech giant said in its complaint. “And the scheme didn’t end there.”
“Instead, when individual victims attempted to withdraw their balances, the defendants and their associates would double down on the scheme by demanding various fees and other payments from the victims that were allegedly required for the victims to recover their principal investments and alleged profits.”
Although this type of scam is commonly referred to as pig slaughter (also known as shā zhū pán), Google said it “neither endorses nor supports the use of this term”. It stems from the idea that victims are fattened up like pigs with the promise of a lucrative return before being “slaughtered” for their assets.
In September 2023, the US Financial Crimes Enforcement Network (FinCEN) said these scams are being carried out by criminal enterprises based in Southeast Asia that employ hundreds of thousands of people smuggled into the region by promising them well-paying jobs.
The fraudulent scheme involves fraudsters using elaborate fictitious personas to target unsuspecting individuals via social media or dating platforms, luring them with the prospect of a romantic relationship to build trust and convince them to invest in cryptocurrency portfolios that allegedly offer high returns in the short term within a period of time with the aim of stealing their funds.
In order to create the appearance of legitimacy, financially motivated actors have been known to fabricate websites and mobile apps to display a fake investment portfolio with high returns.
Sun and Cheung, Google said, lured investor victims into downloading their fake apps via text messages using Google Voice to target victims in the US and Canada. Other distribution methods include affiliate marketing campaigns that offer commissions for “referrals” and YouTube videos promoting fake investment platforms.
The company described the malicious activity as ongoing and continuous, with the defendants “using various computer network infrastructures and accounts to disguise their identities, while providing material false information to Google.”
He also accused them of violating the Racketeer Influenced and Corrupt Organizations Act (RICO), conducting wire fraud, and violating the Google Play App Signing Terms of Service, the Developer Program Rules, the YouTube Community Guidelines, and the Google Voice Acceptable Use Policy.
“Google Play can only continue to be an app distribution platform that users want to use if users feel confident about the integrity of apps,” Google added. “By using Google Play to carry out their fraud scheme, the defendants compromised Google Play’s integrity and user experience.”
It’s worth noting that the problem isn’t limited to the Android ecosystem, as previous reports indicate that such fake apps have repeatedly made their way to the Apple App Store.
This is the latest in a series of legal actions taken by Google to prevent misuse of its products. In November 2023, the company sued multiple individuals in India and Vietnam for distributing fake versions of its chatbot Bard AI (now renamed Gemini) to spread malware through Facebook.