SlowMist Exposes Crypto Fund Theft Linked to Fake Skype App

A sophisticated phishing scam involving a counterfeit Skype application has resulted in the theft of a substantial amount of cryptocurrency, according to SlowMist, a prominent blockchain security firm.

The investigation has also revealed a connection to a past phishing incident that involved the same domain previously posing as Binance.

Phishing App Mimics Skype in Security Breach

A recent discovery by SlowMist, a prominent blockchain security company, has unveiled a sophisticated phishing scam that revolves around a fraudulent Skype application. The investigation was ed by a victim’s report of funds being stolen after downloading a counterfeit Skype app from the internet.

New SlowMist Investigation Report:

Fake Skype App Phishing Analysis

Our latest report exposes how a fake Skype app led to the theft of stolen funds in the Web3 sphere.

Dive into our investigation for more insights on this scam and how you can stay protected!…

— SlowMist (@SlowMist_Team) November 12, 2023

The counterfeit app, which displayed a signature pointing to a probable Chinese origin, was found to be inconsistent with the official Skype release. It was engineered to perform malicious operations by altering the commonly used Android network framework, okhttp3.

Upon further analysis, the team discovered that once the fake Skype app was uted, the modified Okhttp3 began to request permissions to access files, photo albums, and other data, which users generally grant without suspicion. However, once these permissions are granted, the app immediately starts uploading sensitive data like images, device information, user ID, and phone numbers to a phishing backend.

The Connection to a Previous Fake Binance App

The investigation revealed a link to a previous phishing attempt: the backend domain ‘bn-download3.com’ had previously impersonated the Binance exchange. This similarity suggests that the same criminal group is behind both the fake Skype and Binance apps.

By manipulating network traffic, these apps have replaced legitimate cryptocurrency wallet addresses with those controlled by the attackers.

SlowMist’s analysis also revealed significant financial losses. One of the malicious addresses, associated with the TRON chain, had received about 192,856 USDT through 110 transactions.

Although there is still a balance in this address, most of these funds have been transferred out. Another ETH chain address saw approximately 7,800 USDT stolen in 10 transactions. Most of these funds were moved using BitKeep’s Swap service, with transaction fees sourced from OKX.

SlowMist has issued an urgent call for increased vigilance in response to these alarming findings. They advise users to exercise extreme caution when downloading apps, especially from unverified sources. The firm emphasizes the importance of relying on official app sources to significantly reduce the risk of falling prey to such fraudulent schemes.