Blockchain security firm SlowMist announced a new phishing attack involving a fake Skype app that stole crypto funds from an unsuspecting victim.
Industry titans BlackRock, DTCC, OCC, State Street, Société Générale, Hedera, Citi, BMO, Northern Trust, Citibank, Amazon, S&P Global, Google, Invesco, and Moody’s will join Benzinga on Nov. 13 for Fintech Deal Day and Nov. 14 for Future of Digital Assets. Secure a spot here to join them.
What Happened: Phishing attacks using fake apps happen frequently, especially in regions where the download of apps is restricted in Google Play and instead encourages online downloads making the users' data vulnerable.
SlowMist received the information directly from the victim who said the phishing incident happened after he downloaded what he assumed to be a Skype app.
The report used MistTrack for analysis and found the TRON chain address (TJhqKzGQ3LzT9ih53JoyAvMnnH5EThWLQB) received around 192,856 USDT with 110 deposit transactions. The address has still a balance remaining with a most recent transaction on Nov. 8, 2023.
Also, an Ethereum chain address (0xF90acFBe580F58f912F557B444bA1bf77053fc03) received around 7,800 USDT in 10 deposit transactions. The majority of the funds were transferred out through BitKeep’s Swap service.
The report added that there are certain regions in China more prone to such attacks, which is caused by the inaccessibility of Google Play in China, making users search and download apps directly from the internet.
The apps available online are not limited to wallets and exchanges; social media applications such as Telegram, WhatsApp and Skype are also targeted.
How Did It Happen: After SlowMist’s investigation, it was revealed the app's certificate effective date was newly created in September and signature information indicated a Chinese origin. After a Baidu search, the fake app’s multiple sources were found to be in line with the one provided by the victim.
The report added, “Since social apps need to transfer files and make calls, users generally do not suspect these activities. After obtaining user permissions, the fake Skype immediately begins uploading images, device information, user ID, phone number, and other information to the backend.”
This phishing domain is connected to the app that initially replicated the crypto exchange Binance in November 2022 before switching to mimic Skype's backend in May 2023.
The SlowMist report added, “Further analysis revealed that ‘bn-download[number]’ is a series of fake domains used by this phishing gang specifically for Binance phishing, indicating that this gang is a repeat offender targeting Web3 specifically.”
Also Read: This Company Is Using AI To Establish Trust In A Digitally Connected World
Photo: Shutterstock
© 2026 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
To add Benzinga News as your preferred source on Google, click here.