Cybersecurity firm SlowMist has disclosed a sophisticated phishing operation involving a counterfeit Skype application, leading to significant losses of cryptocurrency funds. This incident highlights the escalating challenge of cyber fraud in the digital age, particularly in the crypto industry.
Uncovering the deceptive scheme
The investigation by SlowMist began after a victim reported a loss of funds through a Skype application downloaded from an unofficial source on the internet. The counterfeit app, disguised as a legitimate Skype application, was found to be part of a broader trend of phishing attacks in the Web3 world, where users often download applications from non-official sources due to the inaccessibility of Google Play in regions like China.
SlowMist’s analysis found anomalies in the app’s signing information: the certificate did not match the one used to sign the genuine Skype app, and the details of the signature suggested a likely Chinese origin. The counterfeit was also built on an outdated Skype release that differed noticeably from the current official version. Taken together with the signature mismatch, this pointed to a repackaged build rather than the genuine app. Further investigation showed that the attackers had modified okhttp3, the OkHttp HTTP client library that the app uses for its network traffic, so that the library itself carried out the malicious operations. The tampered library gave the app access to personal data, including images and user information, which it uploaded to a phishing backend.
The backend domain, ‘bn-download3.com’, had impersonated the Binance exchange in late 2022 before being repurposed as a fake Skype backend in mid-2023. That reuse tied the counterfeit Skype app to the same phishing gang that had distributed an earlier counterfeit Binance app, indicating a sustained, targeted campaign against Web3 users.
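The checks described above (a signer certificate that does not match the genuine app’s, a repackaged build, and a known phishing domain baked into the code) can be reproduced offline on a sideloaded APK. The script below is an added example written for this article, not SlowMist’s tooling, and uses only the Python standard library. It builds a constructed sample zip shaped like a v1 (JAR) signed APK, whose META-INF/CERT.RSA holds a placeholder blob in place of a real X.509 certificate and whose classes.dex contains the bn-download3.com string from the report; it then pins the signer certificate fingerprint, recomputes the MANIFEST.MF digests against the archive contents, and greps every entry for the indicator domain. The trusted fingerprint set is an assumption you would fill with the genuine publisher’s certificate hash.

```python
"""Offline triage of a sideloaded APK: pin the v1 signer certificate, recheck
MANIFEST.MF digests against the archive contents, and grep for a known
phishing domain. Standard library only."""
import base64
import hashlib
import io
import zipfile

# Indicator taken from the article: the phishing backend domain.
IOC_DOMAINS = [b"bn-download3.com"]

# --- minimal DER (ASN.1) helpers ------------------------------------------
def der(tag, payload):
    """Encode one TLV with definite-length DER encoding."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + payload

def tlv(buf, pos=0):
    """Decode one TLV at pos; return (tag, value, end_offset)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        n = first
    else:
        k = first & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n

def children(payload):
    """Split a constructed value into (tag, value, raw_tlv_bytes) triples."""
    out, pos = [], 0
    while pos < len(payload):
        tag, value, end = tlv(payload, pos)
        out.append((tag, value, payload[pos:end]))
        pos = end
    return out

OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1
OID_SHA256 = bytes.fromhex("608648016503040201")       # 2.16.840.1.101.3.4.2.1

def signer_cert_fingerprints(pkcs7):
    """SHA-256 of each certificate in a PKCS#7 SignedData (META-INF/*.RSA).
    Layout: ContentInfo{OID, [0]{SignedData{version, digestAlgs, contentInfo,
    [0] IMPLICIT certificates, ..., signerInfos}}}."""
    tag, content_info, _ = tlv(pkcs7)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    ctype, content = children(content_info)[:2]
    if ctype[0] != 0x06 or ctype[1] != OID_SIGNED_DATA or content[0] != 0xA0:
        raise ValueError("not PKCS#7 signedData")
    _, signed_data, _ = tlv(content[1])
    fields = children(signed_data)
    if len(fields) < 4 or fields[3][0] != 0xA0:  # certificates are OPTIONAL
        return []
    return [hashlib.sha256(raw).hexdigest() for _, _, raw in children(fields[3][1])]

def manifest_digest_mismatches(zf):
    """Recompute SHA-256-Digest for every entry listed in META-INF/MANIFEST.MF.
    This only ties archive contents to the manifest; that CERT.RSA really
    signs CERT.SF still has to be verified with apksigner."""
    lines = []
    for line in zf.read("META-INF/MANIFEST.MF").decode().splitlines():
        if line.startswith(" ") and lines:      # 72-byte continuation line
            lines[-1] += line[1:]
        else:
            lines.append(line)
    bad, name, digest = [], None, None
    for line in lines + [""]:
        if line.startswith("Name: "):
            name = line[6:]
        elif line.startswith("SHA-256-Digest: "):
            digest = line[16:]
        elif line == "":
            if name and digest:
                actual = base64.b64encode(hashlib.sha256(zf.read(name)).digest()).decode()
                if actual != digest:
                    bad.append(name)
            name = digest = None
    return bad

def ioc_hits(zf):
    """(entry, domain) for every archive entry containing an indicator."""
    return [(i.filename, d.decode()) for i in zf.infolist()
            for d in IOC_DOMAINS if d in zf.read(i.filename)]

def triage(apk_bytes, trusted_fingerprints):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        sig_blocks = [n for n in zf.namelist() if n.startswith("META-INF/")
                      and n.upper().endswith((".RSA", ".DSA", ".EC"))]
        for n in sig_blocks:
            for fp in signer_cert_fingerprints(zf.read(n)):
                if fp not in trusted_fingerprints:
                    findings.append(f"untrusted signer {fp[:16]}... in {n}")
        if not sig_blocks:
            findings.append("no v1 signature block")
        findings += [f"manifest digest mismatch: {n}" for n in manifest_digest_mismatches(zf)]
        findings += [f"IoC {d} in {n}" for n, d in ioc_hits(zf)]
    return findings

# --- constructed sample (not a real APK, not a real certificate) ----------
PLACEHOLDER_CERT = der(0x30, der(0x0C, b"placeholder signer cert (constructed, not X.509)"))

def build_sample_apk(cert_der=PLACEHOLDER_CERT, tamper=False):
    """Minimal zip shaped like a v1-signed APK whose code embeds the domain."""
    dex = b"dex\n035\0https://" + IOC_DOMAINS[0] + b"/upload"
    signed_data = der(0x30,
        der(0x02, b"\x01")
        + der(0x31, der(0x30, der(0x06, OID_SHA256) + der(0x05, b"")))
        + der(0x30, der(0x06, OID_DATA))
        + der(0xA0, cert_der)
        + der(0x31, b""))                    # signerInfos left empty here
    pkcs7 = der(0x30, der(0x06, OID_SIGNED_DATA) + der(0xA0, signed_data))
    dex_digest = base64.b64encode(hashlib.sha256(dex).digest()).decode()
    manifest = f"Manifest-Version: 1.0\r\n\r\nName: classes.dex\r\nSHA-256-Digest: {dex_digest}\r\n\r\n"
    if tamper:
        dex += b"\0patched"                  # modified after the manifest was written
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", dex)
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        zf.writestr("META-INF/CERT.RSA", pkcs7)
    return buf.getvalue()

if __name__ == "__main__":
    genuine = {hashlib.sha256(PLACEHOLDER_CERT).hexdigest()}  # assumed pin
    for line in triage(build_sample_apk(), genuine):
        print(line)
```

Only the v1 JAR signature is parsed here; current APKs also carry a v2/v3 APK Signing Block, and a repackaged app may have been re-signed validly with the attacker’s own key, which is why the pinned-fingerprint comparison, not signature validity, is the decisive check. Run `apksigner verify --print-certs` on the real file to obtain the fingerprint to pin.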
Recommendations for users
In the report, SlowMist also took a proactive step by blacklisting the attacker-controlled cryptocurrency addresses identified during the investigation. These addresses had accumulated large amounts of cryptocurrency, underscoring the severity of the threat.
Exposing and blocking campaigns like this is an important part of the ongoing effort against such threats. To reduce the risk of falling victim to them, SlowMist recommends that users install apps only from official download channels and, more generally, raise their security awareness so that a repackaged app offered through an unofficial link is treated with suspicion.