Blockchain security firm SlowMist has uncovered a sophisticated phishing scam using a counterfeit Skype application. This malicious app, which meticulously mimics the popular communication tool, has been engineered to steal cryptocurrency from unsuspecting victims.
The crypto scam was brought to light when a victim directly contacted SlowMist after losing funds through what appeared to be a legitimate Skype app downloaded from the internet. The risk is particularly acute in regions like China, where users commonly download apps directly from the internet because official app stores are unavailable.
New SlowMist Investigation Report:
Fake Skype App Phishing Analysis
Our latest report exposes how a fake Skype app led to the theft of stolen funds in the Web3 sphere.
Dive into our investigation for more insights on this scam and how you can stay protected!…
— SlowMist (@SlowMist_Team) November 12, 2023
SlowMist’s investigation revealed that the app’s certificate was newly created in September, with signature information suggesting a Chinese origin. Further probing identified multiple sources of this fake app, consistent with the victim’s experience. The app is designed to covertly monitor and upload files and images from users’ devices, capturing sensitive data. It specifically targets cryptocurrency transactions, replacing Ethereum or Tron blockchain addresses in messages with malicious ones controlled by the attackers.
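A defender-side check for the address replacement described above, as an added example that is not code from SlowMist's report: it compares the Ethereum and Tron addresses in a message as composed with the same message as displayed to the recipient, and flags displayed addresses missing from a verified address book. The function names, the availability of both message texts (for example via a second channel), and the sample addresses are assumptions.

```python
import re

# Ethereum: "0x" + 40 hex chars. Tron: Base58 string, 34 chars, leading "T".
ETH_RE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")
TRON_RE = re.compile(r"\bT[1-9A-HJ-NP-Za-km-z]{33}\b")


def extract_addresses(text):
    """Return (chain, address) pairs in order of appearance in the text."""
    hits = [(m.start(), "ethereum", m.group()) for m in ETH_RE.finditer(text)]
    hits += [(m.start(), "tron", m.group()) for m in TRON_RE.finditer(text)]
    return [(chain, addr) for _, chain, addr in sorted(hits)]


def canonical(chain, addr):
    # Ethereum hex differs only by checksum casing; Tron Base58 is case-sensitive.
    return (chain, addr.lower() if chain == "ethereum" else addr)


def find_substitutions(sent_text, received_text):
    """Flag addresses that differ between the composed and the displayed message."""
    sent = extract_addresses(sent_text)
    recv = extract_addresses(received_text)
    findings = []
    for i, (chain, addr) in enumerate(sent):
        other = recv[i] if i < len(recv) else None
        if other is None or canonical(*other) != canonical(chain, addr):
            findings.append({"position": i, "chain": chain, "sent": addr,
                             "received": other[1] if other else None})
    return findings


def unknown_addresses(text, address_book):
    """Return addresses in text that are absent from a verified address book."""
    known = {canonical(c, a) for c, a in address_book}
    return [a for c, a in extract_addresses(text) if canonical(c, a) not in known]


# Constructed sample data: placeholder strings with the right shape, not real wallets.
ETH_OK = "0x" + "a1" * 20
TRON_OK = "T" + "A" * 33
TRON_SWAPPED = "T" + "B" * 33
SENT = f"Send USDT to {TRON_OK} or ETH to {ETH_OK}"
RECEIVED = f"Send USDT to {TRON_SWAPPED} or ETH to {ETH_OK.upper().replace('0X', '0x')}"

if __name__ == "__main__":
    for f in find_substitutions(SENT, RECEIVED):
        print("address changed in transit:", f)
    print("not in address book:", unknown_addresses(RECEIVED, [("tron", TRON_OK), ("ethereum", ETH_OK)]))
```

A swapped address is itself well-formed, so format or checksum validation alone does not catch the replacement; only comparison against a value obtained outside the compromised app does.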
Alarmingly, one of the fraudulent Tron addresses linked to this scheme had received nearly 200,000 USDT (equivalent to $200,000) over 110 transactions. An Ethereum address involved in the scam also saw transactions totaling 7,800 USDT, which were transferred using BitKeep’s swap service.
According to reports, the scam has already led to hundreds of thousands of dollars being stolen from unsuspecting victims. The attackers have reportedly created over 100 fraudulent wallet addresses to facilitate the theft.
Notably, the phishing domain used in this scheme was initially designed to impersonate the crypto exchange Binance before pivoting to mimic Skype’s backend in May. This shift indicates the scammers’ adaptability and their focus on exploiting the lucrative web3 sector.