Blockchain security firm SlowMist announced a new phishing attack involving a fake Skype app that stole crypto funds from an unsuspecting victim.
What Happened: Phishing attacks using fake apps happen frequently, especially in regions where app downloads from Google Play are restricted and users instead download apps from the web, leaving their data vulnerable.
SlowMist received the information directly from the victim, who said the phishing incident happened after he downloaded what he assumed to be a Skype app.
The report used MistTrack for analysis and found that the TRON chain address (TJhqKzGQ3LzT9ih53JoyAvMnnH5EThWLQB) received around 192,856 USDT across 110 deposit transactions. The address still holds a balance, and its most recent transaction was on Nov. 8, 2023.
Also, an Ethereum chain address (0xF90acFBe580F58f912F557B444bA1bf77053fc03) received around 7,800 USDT in 10 deposit transactions. The majority of the funds were transferred out through BitKeep’s Swap service.
The report added that certain regions in China are more prone to such attacks because Google Play is inaccessible in China, so users search for and download apps directly from the internet.
The apps available online are not limited to wallets and exchanges; social media applications such as Telegram, WhatsApp and Skype are also targeted.
How Did It Happen: SlowMist’s investigation revealed that the app's certificate was newly created, with an effective date in September, and that the signature information indicated a Chinese origin. A Baidu search found multiple sources of the fake app that matched the one provided by the victim.
The report added, “Since social apps need to transfer files and make calls, users generally do not suspect these activities. After obtaining user permissions, the fake Skype immediately begins uploading images, device information, user ID, phone number, and other information to the backend.”
This phishing domain is connected to the app that initially replicated the crypto exchange Binance in November 2022 before switching to mimic Skype's backend in May 2023.
The SlowMist report added, “Further analysis revealed that ‘bn-download[number]’ is a series of fake domains used by this phishing gang specifically for Binance phishing, indicating that this gang is a repeat offender targeting Web3 specifically.”
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.