
Chinese hackers create a fake Skype app to steal cryptocurrencies
SlowMist researchers uncovered a counterfeit Skype app used by Chinese hackers to steal hundreds of thousands of dollars across various cryptocurrencies.
New SlowMist Investigation Report:
Fake Skype App Phishing Analysis
Our latest report exposes how a fake Skype app led to the theft of stolen funds in the Web3 sphere.
Dive into our investigation for more insights on this scam and how you can stay protected!…
— SlowMist (@SlowMist_Team) November 12, 2023
The phishing operators exploit the country's ban on international messaging apps, which forces users to download them from unofficial sources.

According to SlowMist, the malicious Skype app carried version number 8.87.0.403, while the latest version of the real app is 8.107.0.215. From November 2022 to May 2023, the hackers' internal phishing domain, bn-download3.com, posed as the Binance exchange.
Researchers found that the malicious software modified the widely used Android networking library okhttp3 to target cryptocurrency holders.
Using this, the attackers could access internal files and images, as well as device system information. This enabled them to monitor messages for strings that look like TRX and ETH addresses. Later, the wallet addresses were swapped for ones owned by the hackers.
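The address replacement described above can be checked for while testing a suspect build. The following Python check is an added example, not SlowMist's code and not part of the original report: it compares the text typed into the app with the text the recipient (or a traffic capture) shows, and flags any TRX or ETH address that changed in transit. The function names, the composed/delivered comparison and the sample addresses are assumptions made for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ETH_RE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")
TRON_RE = re.compile(r"\bT[1-9A-HJ-NP-Za-km-z]{33}\b")

def _checksum(payload: bytes) -> bytes:
    # Base58Check: first 4 bytes of double SHA-256 over the payload.
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def tron_encode(hash20: bytes) -> str:
    """Build a well-formed TRON address (0x41 prefix) for constructed test data."""
    payload = b"\x41" + hash20
    n = int.from_bytes(payload + _checksum(payload), "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out

def tron_valid(addr: str) -> bool:
    """Checksum test for a string that already matched TRON_RE."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes(25, "big")  # 1 prefix byte + 20 hash bytes + 4 checksum bytes
    return raw[0] == 0x41 and _checksum(raw[:21]) == raw[21:]

def find_addresses(text: str) -> list:
    """Return (kind, address) pairs in order of appearance. ETH is lowercased
    because EIP-55 mixed case is only a checksum, not a different address."""
    hits = [(m.start(), "ETH", m.group().lower()) for m in ETH_RE.finditer(text)]
    hits += [(m.start(), "TRX", m.group()) for m in TRON_RE.finditer(text)
             if tron_valid(m.group())]
    return [(kind, addr) for _, kind, addr in sorted(hits)]

def detect_swaps(composed: str, delivered: str) -> list:
    """Pair addresses by position and report (kind, sent, received) mismatches."""
    sent, got = find_addresses(composed), find_addresses(delivered)
    swaps = [(k, a, b) for (k, a), (_, b) in zip(sent, got) if a != b]
    if len(sent) != len(got):
        swaps.append(("COUNT", str(len(sent)), str(len(got))))
    return swaps

# Constructed sample data: neither address belongs to a real wallet.
OWN_TRX = tron_encode(bytes(range(20)))
OTHER_TRX = tron_encode(bytes(range(20, 40)))
```

An empty list from `detect_swaps` means every address arrived unchanged; a `COUNT` entry means an address was added or dropped rather than replaced.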
During the analysis, SlowMist identified and blacklisted more than 100 malicious addresses related to this scam. In particular, one of the Tron wallets received 110 transactions worth over 192,856 USDT by November 8.

Another ETH address received 7,800 USDT across 10 deposit transactions.
Earlier in January, users became victims of espionage by a trojanized Telegram.