- A Chinese phishing gang recently took advantage of China’s ban on international apps, and targeted crypto users with a fake Skype app.
- The fake app contained malware and modified a network framework to steal personal information and replace wallet addresses.
- The scammers drained more than $200,000 in ETH and TRX tokens.
- The crypto security firm SlowMist has blacklisted the wallet addresses linked to the scam and warns the crypto community to be vigilant.
According to a recent report, a phishing scam from a group of Chinese hackers has now been exposed by SlowMist, a crypto security firm.
The report also suggests that the scammers used a fake Skype video app to trick their victims into sending their funds to malicious addresses.
More details below:
A Successful Scam, Despite China’s Ban On International Apps
According to SlowMist, thousands of victims have lost hundreds of thousands of dollars to a simple, yet clever phishing operation carried out by these hackers.
But how did SlowMist discover that these hackers were Chinese?
SlowMist reports that the signature information on the scam details was labelled “CN”.
Because of this, the crypto security firm was able to pinpoint the exact origin of the scam.
SlowMist reports that these hackers were able to take advantage of China’s ban on international applications.
The ban made it impossible for Chinese citizens to access social media applications outside of China. Because of this, many of the country’s citizens resorted to searching for and downloading modified applications like Telegram, WhatsApp, and Skype, through third-party platforms.
The hackers, of course, noticed this and started to create fake, cloned applications injected with malware designed to attack crypto wallets.
SlowMist reports that one of these fake applications was Skype.
How All That Money Was Stolen
This version of Skype had a different version number from the official one and also had a fake back-end domain that initially impersonated Binance.
The scam was first noticed by a user, who lost ‘a significant amount of money’ to the same scam.
Upon investigation by SlowMist, it was discovered that the fake app contained malware, and also modified a network framework called okhttp3.
Upon installation, this fake Skype app requested access to internal files and images, which is a common permission request for social media applications.
Once the user approved this request, the app began to steal and upload images, device information, user ID, phone number, and other personal information to the back end at the domain “https://bn-downlo […] /upload”.
As if that wasn’t enough, this app also scanned for images and messages that appeared to contain TRX and ETH wallet addresses.
When it found such addresses, it simply deleted and replaced them with the scammers’ addresses.
This way, the unsuspecting users would send their funds to the wrong addresses without notice.
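A defender-side check for the address swap described above, as an added example (it is not from the SlowMist report or this article): it extracts ETH and TRX addresses from the text a sender wrote and from the text the recipient's app displays, validates TRX addresses with their Base58Check checksum, and flags any address the recipient sees that the sender never wrote. All function names and sample addresses are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ETH_RE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")
TRX_RE = re.compile(r"\bT[1-9A-HJ-NP-Za-km-z]{33}\b")

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def tron_encode(body20: bytes) -> str:
    """Base58Check-encode a 20-byte body with TRON's 0x41 prefix (builds the samples)."""
    payload = b"\x41" + body20
    n = int.from_bytes(payload + _checksum(payload), "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out

def is_tron_address(s: str) -> bool:
    """True only if s decodes to 0x41 + 20 bytes followed by a valid checksum."""
    if not TRX_RE.fullmatch(s):
        return False
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes(25, "big")
    return raw[0] == 0x41 and _checksum(raw[:21]) == raw[21:]

def extract_addresses(text: str) -> set[str]:
    """ETH hex is compared case-insensitively; TRX candidates must pass the checksum."""
    eth = {m.lower() for m in ETH_RE.findall(text)}
    trx = {m for m in TRX_RE.findall(text) if is_tron_address(m)}
    return eth | trx

def swapped_addresses(sent: str, displayed: str) -> set[str]:
    """Addresses shown to the recipient that the sender never wrote."""
    return extract_addresses(displayed) - extract_addresses(sent)

# Constructed sample data: neither address belongs to a real party.
SENDER_TRX = tron_encode(bytes(range(20)))
OTHER_TRX = tron_encode(bytes(range(20, 40)))
SENT = f"Please pay 50 USDT to {SENDER_TRX} today."
DISPLAYED = f"Please pay 50 USDT to {OTHER_TRX} today."

if __name__ == "__main__":
    print(swapped_addresses(SENT, DISPLAYED))
```

The comparison only works when the sender's original text is obtained through a channel the suspect app does not control, such as a second device or a phone call.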
The Chinese Scammers Drained More Than $200,000 in ETH and TRX Tokens
According to the SlowMist report, when the fake app was tested, it was found to have stopped replacing wallet addresses.
The phishing interface’s back end had also been shut down and no longer returned malicious addresses.
The SlowMist team has also tracked down several wallet addresses linked to the scam and discovered that one of the addresses on the TRON chain received approximately 192,856 USDT in 110 transactions.
Another one stole a whopping 7,800 USDT in 10 transactions.
All of these wallet addresses have been blacklisted by SlowMist, and the crypto security firm warns the crypto community to stay vigilant against this and other kinds of scam attacks.
Disclaimer: Voice of Crypto aims to deliver accurate and up-to-date information, but it will not be responsible for any missing facts or inaccurate information. Cryptocurrencies are highly volatile financial assets, so research and make your own financial decisions.