Chinese hackers use fake Skype app to target crypto users in new phishing scam
A new phishing scam has actually emerged in China that uses a phony Skype video app to target crypto usersAs per a report by crypto security analytic firm SlowMist, the Chinese hackers behind the phishing rip-off utilized Chinas restriction on worldwide applications as the basis of their fraud, as a number of mainland users frequently search for these prohibited applications through third-party platforms, to acquire hundreds of thousands of dollars.Social media applications such as Telegram, WhatsApp, and Skype are a few of the most common applications looked for by mainland users, so scammers often use this vulnerability to target them with fake, cloned applications including malware developed to attack crypto wallets.Baidu search results for Skype. Source: BaiduIn its analysis, the SlowMist group found that the recently produced phony Skype application bore version number 8.87.0.403, while the most current version of Skype is really 8.107.0.215. The group likewise found that the phishing back-end domain bn-download3. com impersonated the Binance exchange on Nov. 23, 2022, and later on changed it to imitate a Skype backend domain on May 23, 2023. The phony Skype app was initially reported by a user who lost a substantial amount of cash to the exact same scam.The phony apps signature exposed that it had actually been tampered with to place malware, and after decompiling the app the security group found that it modified a commonly utilized Android network framework called okhttp3 to target crypto users. The default okhttp3 structure manages Android traffic demands, however the customized okhttp3 obtains images from different directories on the phone and displays for any brand-new images in real-time. The harmful okhttp3 demands users to give access to internal files and images, and as the majority of social media applications request these consents anyway they frequently dont suspect any misbehavior. Thus, the fake Skype instantly begins submitting images, device information, user ID, phone number, and other information to the back end. Once the fake app has access, it continuously searches for images and messages with TRX and ETH-like address format strings. They are automatically changed with harmful addresses pre-set by the phishing gang.Fake Skype app backend if such addresses are detected. Source: SlowmistDuring SlowMist testing, it was discovered that the wallet address replacement had stopped, and the phishing interfaces back end was shut down and no longer returned malicious addresses.Related: 5 sly tricks crypto phishing fraudsters used last yearThe group also found that a TRON chain address (TJhqKzGQ3LzT9ih53JoyAvMnnH5EThWLQB) received approximately 192,856 USDT till Nov. 8 with a total of 110 deals made to the address. At the exact same time, another ETH chain address (0xF90acFBe580F58f912F557B444bA1bf77053fc03) got approximately 7,800 USDT in 10 deposit deals. In all, more than 100 harmful addresses connected to the rip-off were exposed and blacklisted.Magazine: Thailands $1B crypto sacrifice, Mt. Gox last deadline, Tencent NFT app nixed
Related Content
- Girl Gone Crypto thinks ‘BREAKING’ crypto news tweets are boring: Hall of Flame
- Threads copies Twitter again, introduces ‘rate limits’ to combat bots
- Opinion: Is this exchange the next FTX?
- Bitcoin eyes $28K push as traders demand CPI day BTC price volatility
- Balancer protocol exploited for $900K as DeFi hacks mount: Finance Redefined
Other Questions People Ask
What methods are Chinese hackers using with the fake Skype app to target crypto users in the new phishing scam?
Chinese hackers are leveraging a counterfeit Skype video application to exploit crypto users, utilizing malware designed to infiltrate crypto wallets. The fake app, which mimics a legitimate version of Skype, requests permissions that allow it to access sensitive information on users' devices. Once installed, it can capture images and messages related to cryptocurrency transactions, replacing legitimate wallet addresses with those controlled by the scammers.
How does the fake Skype app developed by Chinese hackers manipulate user data in the phishing scam?
The fake Skype app manipulates user data by modifying a widely used Android network framework called okhttp3. This tampered framework allows the app to continuously search for images and messages containing cryptocurrency wallet addresses. When such addresses are detected, they are automatically replaced with malicious addresses set by the phishing gang, leading to unauthorized transactions and financial loss for the victims.
What precautions can crypto users take to avoid falling victim to the fake Skype app phishing scam?
Crypto users should be cautious about downloading applications from unofficial sources, especially those that mimic popular apps like Skype. It's essential to verify the app's version number and check for any discrepancies with the official release. Additionally, users should regularly monitor their crypto wallets for unauthorized transactions and enable two-factor authentication wherever possible to enhance security against phishing attempts.
What impact has the fake Skype app had on crypto users according to SlowMist's findings?
According to SlowMist's findings, the fake Skype app has led to significant financial losses for crypto users, with one TRON chain address reportedly receiving nearly 192,856 USDT from victims. The analysis revealed over 100 malicious addresses linked to this scam, indicating a widespread operation targeting unsuspecting individuals. This highlights the urgent need for increased awareness and security measures among crypto users to combat such sophisticated phishing scams.