SlowMist Uncovers Advanced Phishing Operation Targeting Crypto Users
If you’re involved in the crypto and Web3 space, you need to be aware of a new phishing scam uncovered by cybersecurity firm SlowMist. The scam led to the theft of funds from an unsuspecting victim who downloaded a fake Skype app from the internet, highlighting the increasing sophistication of cybercriminals targeting crypto users.
Sophisticated Attack Launched Against Chinese Users
The attack targeted users in China, where restrictions against conventional app stores have forced people to download unofficial software versions, making them more vulnerable to such scams. Popular apps like Skype, WhatsApp, and Telegram are often impersonated in these types of attacks. The attack SlowMist discovered used a fake version of Skype and resulted in an individual losing $200,000.
Examining The Phishing App
The fake Skype app’s signature information immediately raised red flags because it was simplistic and labeled merely as “CN.” The certificate’s recent effective date suggested that the app had been created recently, likely by a Chinese phishing group. The app was found across multiple internet sources, aligning with the victim’s account.
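The two signals described above (a near-empty signer subject and a recently issued certificate) can be turned into a triage check. This is an added example, not SlowMist's tooling: the function names, the 90-day threshold, the placeholder list and the sample certificates are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed thresholds for this illustration; tune them against your own app corpus.
MAX_CERT_AGE = timedelta(days=90)
PLACEHOLDER_VALUES = {"cn", "unknown", "test"}

def parse_dn(dn):
    """Split an RFC 4514-style DN ('CN=x, O=y') into (type, value) pairs,
    honouring backslash-escaped commas inside values."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        if "=" in rdn:
            key, value = rdn.split("=", 1)
            pairs.append((key.strip().upper(), value.strip().replace("\\,", ",")))
    return pairs

def triage_signer(dn, not_before, analysed_at):
    """Return the reasons a signing certificate deserves a closer look."""
    reasons = []
    attrs = parse_dn(dn)
    types = {key for key, _ in attrs}
    if len(attrs) <= 1:
        reasons.append("sparse-subject")        # e.g. a lone CN field
    if not types & {"O", "OU"}:
        reasons.append("no-organisation")       # no publisher identity at all
    if attrs and all(value.lower() in PLACEHOLDER_VALUES for _, value in attrs):
        reasons.append("placeholder-values")    # fields filled with filler text
    if timedelta(0) <= analysed_at - not_before <= MAX_CERT_AGE:
        reasons.append("recently-issued")       # certificate created shortly before analysis
    return reasons

# Constructed samples: one sparse, fresh certificate and one long-lived vendor-style one.
ANALYSED_AT = datetime(2023, 10, 15, tzinfo=timezone.utc)
SUSPECT = ("CN=CN", datetime(2023, 9, 1, tzinfo=timezone.utc))
VENDOR = ("CN=Example Messaging\\, Inc., O=Example Corp, C=US",
          datetime(2015, 3, 10, tzinfo=timezone.utc))

if __name__ == "__main__":
    for dn, not_before in (SUSPECT, VENDOR):
        print(dn, "->", triage_signer(dn, not_before, ANALYSED_AT) or "no flags")
```

These flags only prioritise a sample for analysis; comparing the signer against the certificate of the genuine app from an official channel is the decisive check.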
Deeper Analysis Reveals Alarming Tactics
The SlowMist team’s analysis revealed that the app had been hardened with Bangcle, a tactic commonly used in fake apps to hinder analysis. Decompiling the APK uncovered alterations that let the app hijack various data from the user’s device. The phishing backend ‘bn-download3.com’ had impersonated Binance before mimicking a Skype backend.
App Seeks User Permissions Under False Pretenses
The app sought user permissions under the guise of social media functionality and began uploading personal data, including images, device information, and phone numbers. It also monitored for and replaced cryptocurrency addresses in messages with malicious ones controlled by the attackers.
Stolen Funds Traced on Blockchain
The SlowMist team successfully blacklisted malicious addresses and traced significant amounts of USDT transactions linked to these addresses on the TRON and Ethereum blockchains. Stolen funds were sent to specific addresses on both blockchains.
Pattern of Sophisticated Phishing Operations
This case mirrors a previous fake Binance app scam reported in late 2022, highlighting a pattern of sophisticated phishing operations targeting crypto users. It’s crucial for users to only download apps from official channels and remain vigilant against such deceptions.
Hot Take: Enhanced Security Awareness Critical for Blockchain Space
Enhanced security awareness is crucial in protecting yourself from sophisticated phishing scams targeting crypto users. As of now, Ethereum (ETH) trades at $2,060.