Beware: Chinese Hackers Exploit Fake Skype App in Latest Crypto Phishing Scam

In a recent cybercrime revelation, crypto security firm SlowMist has uncovered a sophisticated phishing scam originating in China, designed to pilfer funds from unwitting cryptocurrency users. The scam revolves around a devious manipulation of a fake Skype video application, taking advantage of China’s stringent ban on international apps. With social media giants like Telegram, WhatsApp, and Skype being the go-to for many Chinese users seeking banned applications, scammers have found a fertile ground to deploy cloned apps infused with malware tailored to infiltrate crypto wallets.

SlowMist’s meticulous analysis of the fraudulent Skype application, sporting the version number 8.87.0.403, revealed a stark contrast to the legitimate Skype version, which stands at 8.107.0.215. The phishing scam’s backend domain, initially masquerading as the Binance exchange on November 23, 2022, slyly transitioned to mimic a Skype backend domain on May 23, 2023. The first report of this nefarious app came from a user who suffered a significant financial loss due to the scam.

Delving into the technical aspects, the security experts at SlowMist uncovered that the fake Skype app’s signature had been tampered with to insert malicious software. Upon decompiling the application, they identified a modification of the widely used Android network framework, okhttp3, tailored specifically to target crypto users. While the default okhttp3 framework handles routine Android traffic requests, the manipulated version combs through various directories on the user’s phone, monitoring for new images in real time.

The modified okhttp3 asks users to grant access to internal files and images, a request often overlooked as it mimics the permissions sought by legitimate social media applications. Once granted, the fake Skype app springs into action, uploading images, device information, user ID, phone number, and other critical data to its malicious backend.

Upon gaining access, the rogue application perpetually scans for images and messages containing cryptocurrency wallet addresses, specifically those resembling TRX and ETH formats. In a sinister twist, if such addresses are detected, they are instantly swapped with pre-set malicious addresses by the phishing gang, leaving victims none the wiser.

During testing by SlowMist, it was observed that the wallet address substitution abruptly ceased, signaling the shutdown of the phishing interface’s backend. This brought an end to the automatic replacement of addresses with malicious ones, providing a brief respite to potential victims.
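A defender-side check for the address substitution described above, as an added example that is not code from SlowMist or from this article: it extracts ETH- and TRX-format addresses from the text a sender composed and from the text the recipient reports seeing (confirmed over a second channel), and lists any that differ. The function names and sample data are hypothetical; it assumes TRX addresses are Base58Check with a 0x41 prefix and covers message text only, not images.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ETH_RE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")
TRX_RE = re.compile(r"\bT[1-9A-HJ-NP-Za-km-z]{33}\b")

def _checksum(payload: bytes) -> bytes:
    # Base58Check: first 4 bytes of SHA-256(SHA-256(payload)).
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def trx_encode(account: bytes) -> str:
    """Build a TRX address (0x41 prefix + 20 bytes + checksum); used for samples."""
    raw = b"\x41" + account
    n, out = int.from_bytes(raw + _checksum(raw), "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out

def trx_valid(addr: str) -> bool:
    """True if addr decodes to 25 bytes with the 0x41 prefix and a good checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes(25, "big")
    return raw[0] == 0x41 and _checksum(raw[:21]) == raw[21:]

def extract(text: str) -> list:
    """Return (kind, address) pairs in order of appearance."""
    # ETH is compared case-insensitively; the EIP-55 checksum is not verified
    # here because it needs Keccak-256, which hashlib does not provide.
    hits = [(m.start(), "ETH", m.group().lower()) for m in ETH_RE.finditer(text)]
    hits += [(m.start(), "TRX", m.group()) for m in TRX_RE.finditer(text)
             if trx_valid(m.group())]
    return [(kind, addr) for _, kind, addr in sorted(hits)]

def find_swaps(sent: str, seen: str) -> list:
    """Compare what was sent with what the recipient reports seeing."""
    return [(k, a, b) for (k, a), (k2, b) in zip(extract(sent), extract(seen))
            if k == k2 and a != b]

# Constructed sample data: the account bytes below are arbitrary, not real wallets.
MINE = trx_encode(bytes(range(20)))
OTHER = trx_encode(bytes(range(20, 40)))
SENT = f"Pay to {MINE} or 0x{'ab' * 20}"
SEEN = f"Pay to {OTHER} or 0x{'cd' * 20}"

if __name__ == "__main__":
    for kind, expected, got in find_swaps(SENT, SEEN):
        print(f"{kind} address changed in transit: {expected} -> {got}")
```

A swapped address is itself well-formed and passes the checksum, so the format checks only find the addresses; the comparison against what was actually sent is what reveals the substitution.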

In light of this alarming discovery, it is imperative for crypto users, especially those in China, to exercise caution when downloading applications from third-party platforms. As hackers become increasingly sophisticated in exploiting regional restrictions and user habits, staying vigilant is paramount to safeguarding one’s digital assets.

Key Takeaways for Crypto Users:

  1. Verify Application Versions: Always double-check the version number of applications before downloading, especially if prompted to do so outside official app stores. Discrepancies may indicate a fraudulent version.
  2. Be Wary of Permissions: Scrutinize and question requests for access to internal files and images, even if they mimic legitimate app permissions. When in doubt, err on the side of caution.
  3. Monitor Crypto Wallets: Regularly monitor cryptocurrency wallets for any unauthorized transactions or suspicious activities. Swift action can mitigate potential losses.
  4. Stay Informed: Stay abreast of the latest cyber threats and scams circulating in the crypto space. Awareness is the first line of defense against evolving tactics.
  5. Report Suspicious Activity: If you encounter any suspicious applications or activities, report them promptly to relevant authorities or cybersecurity firms. Early detection aids in swift counteraction.

This latest phishing scam underscores the need for continuous vigilance in the ever-evolving landscape of cybersecurity. As the digital realm becomes more intertwined with our daily lives, staying informed and adopting proactive security measures is non-negotiable. Let this serve as a stark reminder that, in the world of cryptocurrencies, safeguarding against potential threats is as crucial as making strategic investment decisions.

MikeT
