Cybersecurity firm SlowMist has exposed a sophisticated phishing attack in which Chinese hackers used a counterfeit Skype app. Exploiting China’s ban on certain international applications, the scammers crafted a fraudulent version of Skype and preyed on cryptocurrency enthusiasts who seek prohibited apps through third-party platforms.
Creating The Fraudulent App
The hackers targeted Telegram, WhatsApp, and Skype, capitalizing on the demand for these apps within mainland China. Their approach involved designing a counterfeit Skype app that presented itself as version 184.108.40.2063, significantly different from the legitimate version, 220.127.116.11. The scam was exposed after a user reported substantial financial losses. Upon investigation, it was discovered that the app’s signature had been altered and that the app contained malware designed specifically to steal cryptocurrency.
Phishing Attack And Redirection Of Funds
The fraudulent Skype app’s malicious code manipulated okhttp3, an Android network framework, to surreptitiously extract various data from users’ devices, including images, user IDs, and contact numbers. Notably, it targeted cryptocurrency wallet-related information.
Using the app, the scammers detected legitimate crypto wallet addresses within images and messages and replaced them with addresses they owned. This manipulation allowed the hackers to reroute funds intended for genuine transactions to their own wallets.
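As an added illustration that is not from SlowMist's report or the original article, the Python example below compares the text a client displays with a copy of the sender's text obtained over a separate channel (an assumption) and reports any TRON or Ethereum address that differs. The function names and sample addresses are constructed for the example; the replacement address still passes Base58Check validation, so a format check alone does not reveal the swap.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# USDT addresses on the two chains named in the article: TRON and Ethereum.
ADDR_RE = re.compile(r"\b(?:T[1-9A-HJ-NP-Za-km-z]{33}|0x[0-9a-fA-F]{40})\b")

def _checksum(body: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]

def tron_encode(hash20: bytes) -> str:
    """Base58Check-encode a 20-byte hash with TRON's 0x41 prefix (sample data only)."""
    body = b"\x41" + hash20
    n, out = int.from_bytes(body + _checksum(body), "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out

def tron_valid(addr: str) -> bool:
    """True if addr decodes to 0x41 + 20 bytes + a matching 4-byte checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes(25, "big")
    return raw[0] == 0x41 and _checksum(raw[:21]) == raw[21:]

def find_substitutions(sent: str, shown: str) -> list:
    """Pair addresses by position in the sender's text and the displayed text."""
    a, b = ADDR_RE.findall(sent), ADDR_RE.findall(shown)
    findings = [("count-mismatch", len(a), len(b))] if len(a) != len(b) else []
    for x, y in zip(a, b):
        # Ethereum hex differs only in optional checksum casing; TRON is exact.
        same = x.lower() == y.lower() if x.startswith("0x") else x == y
        if not same:
            findings.append(("substituted", x, y))
    return findings

# Constructed sample data: both addresses come from made-up 20-byte hashes.
PAYEE = tron_encode(bytes(range(20)))
OTHER = tron_encode(bytes(range(20, 40)))
SENT = f"Please send the USDT to {PAYEE} today."
SHOWN = f"Please send the USDT to {OTHER} today."

if __name__ == "__main__":
    print(find_substitutions(SENT, SHOWN))  # one 'substituted' finding
    print(tron_valid(OTHER))                # the replacement still validates
```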
Protective Measures And User Safety
Over 100 wallet addresses were tracked by SlowMist as part of their investigation into this phishing operation. On the TRON chain, 192,856 USDT were transferred, and on the ETH chain, 7,800 USDT were sent. To forestall further fraudulent activities, these addresses have been blacklisted as a precautionary measure.
Implications And User Safety Measures
Innovative Phishing Tactics: The scam highlighted the hackers’ sophisticated tactics, which used a fake Skype app to deceive users and siphon off cryptocurrency funds.
Enhancing Cybersecurity Vigilance: Users are urged to exercise caution, particularly while downloading apps from third-party sources, to safeguard against similar fraudulent activities.