Cybersecurity firm SlowMist exposes fake Skype app in latest crypto phishing scam



  • Cybersecurity firm SlowMist uncovered a sophisticated phishing scheme involving a fake Skype app, leading to significant crypto fund thefts.
  • The counterfeit app, downloaded from an unofficial source, was engineered to replace user-entered crypto wallet addresses with those controlled by the phishing gang, and also uploaded personal data to a remote server.
  • This phishing operation is linked to a previous fake Binance app, highlighting a pattern of targeted attacks against Web3 platforms and underscoring the need for heightened cybersecurity awareness and practices.

Cybersecurity firm SlowMist has disclosed a sophisticated phishing operation involving a counterfeit Skype application, leading to significant losses of cryptocurrency funds. This incident highlights the escalating challenge of cyber fraud in the digital age, particularly in the crypto industry.

Uncovering the deceptive scheme

The investigation by SlowMist began after a victim reported a loss of funds through a Skype application downloaded from an unofficial source on the internet. The counterfeit app, disguised as a legitimate Skype application, was found to be part of a broader trend of phishing attacks in the Web3 world, where users often download applications from non-official sources due to the inaccessibility of Google Play in regions like China.

SlowMist’s analysis revealed critical anomalies in the app’s signature information, suggesting a likely Chinese origin. The app used an outdated version of Skype, differing significantly from the genuine app’s latest version. This discrepancy was a clear indicator of the app’s illegitimacy. Further investigation showed that the app utilized a modified version of the Android network framework okhttp3, enabling it to carry out various malicious operations. This tampering enabled the app to access and upload personal data, including images and user information, to a phishing backend. The same phishing domain, ‘bn-download3.com’, impersonated Binance exchange in late 2022 before shifting to mimic a Skype backend in mid-2023. This connection led to the discovery that the same phishing gang was responsible for a previous counterfeit Binance app, indicating a targeted attack pattern against Web3 platforms.
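The signature anomaly described above is something a defender can check before installing a sideloaded APK. The following is an added example, not code from SlowMist's report: it parses the output of `apksigner verify --print-certs` and fails closed unless every signer certificate matches a pinned publisher digest. The pinned digest, the sample output and the function names are constructed for illustration.

```python
import re

# Constructed placeholder: SHA-256 digest of the publisher's signing certificate,
# obtained out of band (for example from a copy installed via the official store).
PINNED_SHA256 = {"a" * 64}

# Constructed sample output of `apksigner verify --print-certs <apk>`;
# the DN and all digests are made up for this example.
SIDELOADED_OUTPUT = f"""\
Signer #1 certificate DN: CN=example, OU=example, O=example, L=Example, C=XX
Signer #1 certificate SHA-256 digest: {"b" * 64}
Signer #1 certificate SHA-1 digest: {"c" * 40}
Signer #1 certificate MD5 digest: {"d" * 32}
"""
OFFICIAL_OUTPUT = SIDELOADED_OUTPUT.replace("b" * 64, "a" * 64)

LINE_RE = re.compile(
    r"^Signer #(\d+) certificate (DN|SHA-256 digest): (.+)$", re.M
)


def parse_signers(output):
    """Return {signer_number: {"dn": ..., "sha256": ...}} from apksigner output."""
    signers = {}
    for num, field, value in LINE_RE.findall(output):
        entry = signers.setdefault(int(num), {})
        if field == "DN":
            entry["dn"] = value.strip()
        else:
            entry["sha256"] = value.strip().lower()
    return signers


def check_signers(output, pinned):
    """Fail closed: every signer must report a digest that is in the pinned set."""
    signers = parse_signers(output)
    if not signers:
        return False, ["no signer certificates found in output"]
    problems = []
    for num, info in sorted(signers.items()):
        digest = info.get("sha256")
        if digest is None:
            problems.append(f"signer #{num}: no SHA-256 digest reported")
        elif digest not in pinned:
            dn = info.get("dn", "?")
            problems.append(f"signer #{num}: unexpected certificate {digest[:16]}... DN={dn}")
    return not problems, problems
```

A repackaged app cannot reproduce the publisher's signing certificate, so a digest mismatch is a reliable reason to reject the file regardless of how the app looks or behaves.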

Recommendations for users

In the report, SlowMist also took proactive measures by blacklisting the phishing gang's malicious addresses. These addresses had accumulated large amounts of cryptocurrency, underscoring the severity of the threat.

The firm’s proactive measures in exposing and mitigating the threat are crucial in the ongoing battle against such sophisticated cyber threats. To reduce the risk of falling prey to phishing attacks, SlowMist has recommended that users rely solely on official app download channels. Additionally, users are advised to improve their security awareness to prevent such attacks from occurring.



Damilola Lawrence

Damilola is a crypto enthusiast, content writer, and journalist. When he is not writing, he spends most of his time reading and keeping tabs on exciting projects in the blockchain space. He also studies the ramifications of Web3 and blockchain development to have a stake in the future economy.
