A deceptive Skype application circulating in China has led to a phishing scam, resulting in cryptocurrency theft, warns SlowMist, a leading blockchain security firm.
Pictures taken from SlowMist.
The scheme, discovered after a victim reported funds being stolen after downloading the fake Skype app, has been linked to a previous phishing incident impersonating Binance.
The counterfeit Skype app, which shows signs of Chinese origin, differs from the official release.
Upon decompiling the app, the security team uncovered a modification to the widely used Android network framework, “okhttp3,” designed to target cryptocurrency users.
While the stock okhttp3 framework only handles the app’s Android network requests, the modified version goes further: it reads images from several directories on the phone and actively watches for newly added images in real time.
Once granted permissions, the application uploads sensitive information like images, device details, user ID, and phone numbers to a phishing backend.
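A stock network library has no reason to touch the media store, watch the filesystem or read the phone number, so the behaviour described above leaves a static footprint in a decompiled APK. The following triage script is an added example, not SlowMist’s tooling: it walks a decompiled source tree (for instance apktool smali output, passed as a path-to-text mapping) and flags any file under okhttp3/ that references such Android APIs or the backend domain named in this report. The indicator list, file paths and smali snippets are constructed for the example.

```python
import re
from dataclasses import dataclass

# Indicators that should not appear inside a stock okhttp3 package; the list
# is constructed for this example and is a starting point, not a signature.
SUSPICIOUS_PATTERNS = {
    "media_store": re.compile(r"android[./]provider[./]MediaStore"),
    "content_resolver": re.compile(r"ContentResolver|getContentResolver"),
    "file_observer": re.compile(r"android[./]os[./]FileObserver"),
    "phone_number": re.compile(r"TelephonyManager|getLine1Number"),
    "known_backend": re.compile(r"bn-download3\.com"),  # domain named in the report
}

@dataclass(frozen=True)
class Finding:
    path: str
    indicator: str
    line_no: int
    snippet: str

def scan_okhttp3_tree(files):
    """files maps decompiled source path -> text; returns one Finding per matching line under okhttp3/."""
    findings = []
    for path, text in sorted(files.items()):
        if "/okhttp3/" not in "/" + path.replace("\\", "/"):
            continue  # only the network library package is in scope here
        for line_no, line in enumerate(text.splitlines(), start=1):
            for name, pattern in SUSPICIOUS_PATTERNS.items():
                if pattern.search(line):
                    findings.append(Finding(path, name, line_no, line.strip()))
    return findings

# Constructed sample tree (not real decompiled output): a stock-looking class, a
# tampered class, and an app class outside okhttp3 that legitimately reads the gallery.
SAMPLE_TREE = {
    "smali/okhttp3/OkHttpClient.smali":
        ".class public final Lokhttp3/OkHttpClient;\n"
        ".method public newCall(Lokhttp3/Request;)Lokhttp3/Call;\n",
    "smali/okhttp3/internal/http/RealInterceptorChain.smali":
        ".class public final Lokhttp3/internal/http/RealInterceptorChain;\n"
        "    sget-object v0, Landroid/provider/MediaStore$Images$Media;->EXTERNAL_CONTENT_URI:Landroid/net/Uri;\n"
        "    invoke-virtual {v1}, Landroid/content/Context;->getContentResolver()Landroid/content/ContentResolver;\n"
        '    const-string v2, "bn-download3.com"\n',
    "smali/com/example/gallery/Picker.smali":
        "    sget-object v0, Landroid/provider/MediaStore$Images$Media;->EXTERNAL_CONTENT_URI:Landroid/net/Uri;\n",
}

if __name__ == "__main__":
    for f in scan_okhttp3_tree(SAMPLE_TREE):
        print(f"{f.path}:{f.line_no} [{f.indicator}] {f.snippet}")
```

Only the tampered okhttp3 class is reported; the gallery picker outside the library is ignored because gallery access in application code is not by itself suspicious.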
Impersonation of Binance Resurfaces
The investigation uncovers a connection to a prior phishing attempt involving the same criminal group.
The backend domain, ‘bn-download3.com,’ originally posed as Binance on 23 November 2022.
Both apps tamper with network traffic to replace legitimate cryptocurrency wallet addresses with addresses controlled by the attackers.
Impact on Crypto Users
SlowMist’s analysis reveals substantial financial losses, with a TRON chain address receiving 192,856 USDT through 110 transactions.
Another ETH chain address saw approximately 7,800 USDT stolen in 10 transactions, mainly through BitKeep’s Swap service, using OKX for transaction fees.
Urging increased vigilance, SlowMist advises users to exercise caution, especially when downloading apps from unverified sources.
Relying on official app sources reduces the risk of falling victim to such fraudulent schemes.