Chinese Hackers Scam Crypto Users With A Fake Skype App

Chinese Hackers’ Ploy

A new trend of fraudulent activity has surfaced within China’s crypto community. The malicious actors behind this scam utilize a counterfeit Skype video application to attract unsuspecting crypto enthusiasts.

Reports from the crypto security analytics firm SlowMist have unveiled the tactics employed by the Chinese hackers behind this nefarious scheme. Leveraging China’s restrictions on international applications, these scammers targeted mainland users seeking prohibited applications through third-party platforms.

A Counterfeit Skype App

The hackers capitalized on the popularity of social media platforms like Telegram, WhatsApp, and Skype among Chinese crypto users. They crafted cloned applications with embedded malware designed to compromise crypto wallets, thus preying on the vulnerability of users seeking banned applications.

In an in-depth analysis by the SlowMist team, the counterfeit Skype app surfaced with version 8.87.0.403, distinctly different from the legitimate Skype’s latest version (8.107.0.215). Notably, the phishing back-end domain was a fake Binance exchange website as of Nov. 23, 2022, before its owners switched it to one resembling a Skype back-end domain on May 23, 2023.

Malicious Intent And Data Breach

Experts’ further scrutiny of the fake app’s signature revealed an alteration within the widely used Android network framework, “okhttp3.” This modified okhttp3 framework, while initially handling Android traffic requests, was weaponized to extract images from various device directories in real time and upload them to the scam’s back end.

Under the guise of seeking permissions typically requested by social media applications, the rogue Skype app obtained access to internal files, images, and crucial user information. The app stealthily scoured for cryptocurrency-related data, particularly strings resembling Tron (TRX) and Ether (ETH) wallet addresses, swiftly replacing them with predetermined malicious addresses set by the scamming syndicate.

During SlowMist’s investigative testing, it was discovered that the wallet address substitution ceased, indicating a possible shutdown of the phishing interface’s back end, halting the delivery of malicious addresses.

Meanwhile, a Tron chain address received 192,856 Tether (USDT) across 110 transactions. An ETH chain address acquired approximately 7,800 USDT in another series of ten transactions.

To mitigate further losses, the SlowMist team promptly flagged and blocked all wallet addresses associated with this deceitful scheme.

Beware Of Cold Wallet Scams – Crypto Trader Warns

Meanwhile, the Wolf of All Street recently sounded an alarm to his 916,700 followers regarding the vulnerability of hot and cold wallets to potential scams. He relayed an unsettling incident where one of his followers fell prey to a Ledger cold wallet scam.

This chilling revelation is a stark reminder of the lurking dangers within the crypto sphere. The Wolf of All Streets emphasized the importance of exercising utmost caution in crypto transactions and trading, especially during times of heightened volatility in the market.

The famous investor disclosed a conversation with a trusted individual, someone he described as vigilant about security practices. This user encountered an unsettling security issue with their Nano-S hard wallet: a 503 HTTP API error surfaced during synchronization.

Losing It All

The victim sought assistance from Ledger Support via Twitter to resolve this alarming occurrence. Shockingly, a scammer masqueraded as Ledger’s Chief Technology Officer (CTO) by swiftly responding through direct messages (DMs), offering immediate guidance to resolve the problem.

The victim, guided by this imposter, underwent a series of steps supposedly meant to rectify the issue. Tragically, these actions culminated in the complete draining of the victim’s wallet.

The imposter adeptly manipulated the situation, reassuring the victim that the actions were end-to-end encrypted and necessary for synchronization. However, the devastating aftermath occurred within minutes as the victim lost all their cryptocurrency holdings to the supposed Ledger CTO.

This encounter is another reason crypto holders must remain vigilant, verify sources meticulously, and exercise prudence, especially when dealing with sensitive financial instruments in the crypto domain.