Chinese hackers use fake Skype app to target crypto users in new phishing scam
A new phishing scam has emerged in China that uses a fake Skype video app to target crypto users.
According to a report by crypto security analytics firm SlowMist, the Chinese hackers behind the phishing scam used China’s ban on international applications as the basis of their fraud, with many mainland users often searching for these banned applications via third-party platforms.
Social media applications such as Telegram, WhatsApp and Skype are some of the most common applications searched for by mainland users, so scammers often use this vulnerability to target them with fake, cloned applications containing malware developed to attack crypto wallets.
In its analysis, the SlowMist team found that the recently created fake Skype application displayed version 8.87.0.403, while the latest official version of Skype is 8.107.0.215. The team also discovered that the phishing back-end domain “bn-download3.com” impersonated the Binance exchange on Nov. 23, 2022, later changing to mimic a Skype back-end domain on May 23, 2023. The fake Skype app was first reported by a user who lost “a significant amount of money” to the same scam.
The fake app’s signature revealed that it had been tampered with to insert malware. After decompiling the app, the security team discovered a modified commonly used Android network framework, “okhttp3,” to target crypto users. The default okhttp3 framework handles Android traffic requests, but the modified okhttp3 obtains images from various directories on the phone and monitors for any new images in real time.
The malicious okhttp3 requests users to give access to internal files and images, and as most social media applications ask for these permissions anyway, they often don’t suspect any wrongdoing.
Read more on cointelegraph.com
