The fake Skype app is being widely distributed on the Internet in China, the SlowMist security team has discovered.
As many international markets are inaccessible within China due to local regulations, bad actors are actively exploiting this gap, flooding the market with phishing apps targeting crypto investors.
According to a blockchain security company, SlowMist, a group of Chinese scammers recently began distributing a fake version of Skype (version 8.87.0.403) for Android devices among multiple local marketplaces, such as 51pgzs, siyuetian, and others. They lure victims into believing that they downloaded a legitimate version of the video chat app.
Once the malicious app is installed, it fetches images from various directories on the Android phone and monitors any new images in real time. All images stored on the victim’s device are uploaded to the phishing gang’s backend interface.
SlowMist analysts also discovered that the gang behind the fake Skype app also targeted users in 2022 with their fraudulent version of Binance, noting that both malicious apps have a similar backend domain “bn-download3”.[dot] com.”
“Further analysis revealed that ‘bn-download[number]’ is a series of fake domains used by this phishing gang specifically for Binance phishing, indicating that this gang is a repeat offender specifically targeting Web3, ″ according to SlowMist.
The malicious app sends data to the criminals’ backend, such as device information, user ID, and phone number. To make matters worse, the fake Skype even monitors incoming and outgoing messages to see if they include TRON or Ethereum type address format strings to replace them with pre-made addresses automatically by the scammers.
SlowMist discovered that the TRON chain address, which belongs to the scammers, had received almost $193,000 in Tether (USDT) with 110 transactions, and noted that the funds are still coming in as the most recent transaction was on November 8, 2023. Most of the stolen funds were laundered through BitKeep’s Swap service, and the transaction fees were covered by a registered user on the OKX crypto exchange, SlowMist emphasized.
ZachXBT Reveals $27M Crypto Heist on Binance-Linked Wallet
According to on-chain detective ZachXBT, a cryptocurrency wallet recently suffered a breach. The attack occurred on November 11, resulting in the loss of the $27 million Tether (USDT) stablecoin wallet.
According to ZachXBT analysis, the stolen funds were quickly converted from USDT to Ethereum (ETH). After this, they underwent a series of transactions on various services, including FixFloat and ChangeNow. The final phase involved linking these assets to Bitcoin through THORChain, a decentralized liquidity protocol.
The origin of the funds adds an intriguing layer to the story. The wallet had received the sum through a Binance withdrawal just a week before the heist. To further deepen the connection, ZachXBT research revealed that in May 2019, the same wallet received funds from an address marked by Etherscan as a Binance smart contract implementer.
Record Loss of $699 Million in Web3 Security Breaches in Q3 2023
According to Certik’s quarterly Web3 Security report for the third quarter of 2023, this quarter has been the most eventful, with more than $699 million lost in 184 security incidents. This figure exceeds the combined losses of the first two quarters, with $320 million in losses in the first quarter and $313 million in the second.
The report highlights the Lazarus Group, affiliated with the North Korean state, as one of the most formidable threat actors responsible for significant losses. Another major factor contributing to this quarter’s losses was private key compromises, which accounted for $204 million across 14 incidents.
By Audy Castaneda
