Warning Over Crypto-stealing Counterfeit Skype App

Reading Time: 2 minutes

• Slowmist has issued a warning to crypto users about a circulating fake Skype app in China
• A victim informed the company of the fraudulent version which he had downloaded following a Baidu search.
• The fake app searched messages for crypto addresses and replaced them

Security company Slowmist has warned crypto users of a fake Skype app doing the rounds that steals cryptocurrency. Slowmist was directed to the app by a Chinese victim who, due to the lack of access to Google Play in the country, had downloaded the app following a Baidu search. Unfortunately, he had downloaded a fraudulent version run by hackers who stole his holdings. The fake app shouldn’t be an issue for Western users, but Chinese users face the mammoth task of deciphering fake apps from real ones with no helping hand.

Finance Slowmist Blackisted Addresses

Slowmist reported that the rogue app monitored messages for TRX and ETH addresses, replacing them with pre-set addresses under their ownership. Once detected, SlowMist immediately blacklisted the addresses, halting further losses for anyone else downloading the software.

Further analysis revealed the extent of the phishing gang’s gains; transactions on the Tron chain address amounted to 192,856 USDT, with substantial withdrawals, while the Ethereum address received 7,800 USDT, all of which were subsequently transferred out. Slowmist discovered that the fake Skype app was linked to a larger phishing campaign orchestrated by the same gang, which previously targeted users of the Binance exchange. 

Finance Backend Shut Down

During testing, Slowmist managed to shut down the phishing gang’s backend, halting further malicious activities, while the company also exposed financial connections, with transaction fees traced back to the exchange OKX. 

This discovery underscores the persistent threats posed by phishing gangs in the cryptocurrency space, especially through social media apps, and highlights the importance of heightened user awareness and taking all possible security measures.