Hackers from China have developed a fake Skype app to steal cryptocurrency
Cybercriminals from China are taking advantage of the country’s ban on international apps. It is this ban that forces many users to download foreign messengers, including Telegram, WhatsApp, and Skype, through unofficial platforms.
The version of the fake Skype found by SlowMist analysts is 8.87.0.403. The latest official version of the app is actually
The report states that the hackers introduced malware that modified a popular Android networking framework called okhttp3. Through the malicious framework, the attackers gained access to the user's internal files and images, device data, phone number, and other information. This allowed the fraudsters to monitor messages for strings that look like TRON (TRX) and Ethereum (ETH) addresses. When one was detected, the malware replaced it with a wallet address belonging to the hackers, to which users' funds were then transferred.
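As an added example (not taken from SlowMist's report), this is a check an analyst could run while testing a suspect messenger build: compare the text typed on the test device with the text that arrives at a second account, and flag any TRON or Ethereum address that changed in between. The function names are hypothetical, the patterns check format only (no checksum validation), and the sample addresses are constructed.

```python
import re
from itertools import zip_longest

B58 = "1-9A-HJ-NP-Za-km-z"  # Base58 alphabet as a regex character range
# Format-only patterns: TRON = "T" + 33 Base58 chars, Ethereum = "0x" + 40 hex.
ADDRESS_PATTERNS = {
    "TRON": re.compile(rf"(?<![{B58}])T[{B58}]{{33}}(?![{B58}])"),
    "ETH": re.compile(r"(?<![0-9A-Za-z])0x[0-9a-fA-F]{40}(?![0-9a-fA-F])"),
}

def extract_addresses(text):
    """Return [(network, address)] in order of appearance in the text."""
    hits = []
    for network, pattern in ADDRESS_PATTERNS.items():
        hits.extend((m.start(), network, m.group()) for m in pattern.finditer(text))
    return [(network, addr) for _, network, addr in sorted(hits)]

def normalise(network, address):
    # Ethereum hex is case-insensitive (mixed case only encodes a checksum);
    # Base58 is case-sensitive, so TRON addresses are compared as-is.
    return address.lower() if network == "ETH" else address

def find_substitutions(sent, received):
    """Compare a message as composed with the copy that was delivered.

    Returns (before, after) pairs for every address that was changed,
    added or dropped; an empty list means the addresses match.
    """
    findings = []
    pairs = zip_longest(extract_addresses(sent), extract_addresses(received))
    for before, after in pairs:
        if before is None or after is None:
            findings.append((before, after))  # address added or dropped
        elif before[0] != after[0] or normalise(*before) != normalise(*after):
            findings.append((before, after))  # address replaced
    return findings

# Constructed sample data: these are not real wallet addresses.
SENT = "Send the USDT to T" + "A" * 33 + " today"
RECEIVED = "Send the USDT to T" + "B" * 33 + " today"

if __name__ == "__main__":
    for before, after in find_substitutions(SENT, RECEIVED):
        print("address changed in transit:", before, "->", after)
```

A non-empty result on a message that was typed once and never edited is a strong signal that the client, or a library it loads, rewrites message content.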
The SlowMist team found that about 200 thousand USDT were transferred to one of the malicious addresses in the TRON network. The last of 110 transactions was made on November 8.
Experts also came across an address in the Ethereum network. In 10 transactions, the crypto wallet received 7.8 thousand USDT. The funds were transferred using the BitKeep swap service, and the transfer fee was received from the OKX cryptocurrency exchange.
SlowMist noted that the phishing app is no longer working.