The cybersecurity analytics firm SlowMist recently revealed a new phishing scam that specifically targets cryptocurrency users. Orchestrated by a group of Chinese hackers taking advantage of China's ban on international applications, the scheme exploits the increased demand for these apps on unofficial distribution channels within mainland China.
The hackers strategically focused on popular social media apps such as Telegram, WhatsApp, and Skype, creating a fraudulent Skype app to ensnare users and pilfer their cryptocurrency holdings.
The fake Skype app presented itself as version 220.127.116.113, whereas the legitimate latest release was 18.104.22.168. It bundled malware that targeted cryptocurrency wallets by tampering with okhttp3, a widely used Android HTTP client library, so that the app's network traffic passed through attacker-controlled code.
The app discreetly monitored and uploaded various data types from victims' devices, including images and user IDs, with a specific focus on cryptocurrency wallet information.
Subsequently, the malware identified and replaced legitimate crypto wallet addresses in images and messages with those owned by the scammers. This malicious tactic redirected funds intended for legitimate transactions to the fraudsters' wallets.
SlowMist's investigation unveiled over 100 blacklisted wallet addresses involved in transactions totaling approximately 192,856 USDT on the TRON chain and 7,800 USDT on the ETH chain. These findings helped prevent further fraudulent activities.
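The substitution described above works because a wallet address pasted into a chat is just text: a trojanised client can rewrite it and the user has no way to notice. The defensive counterpart is to validate every address before funds move: check its format and checksum, compare it against a known-bad list such as the one SlowMist published, and confirm it matches the recipient the user actually intended. The following is an added example written for this article, not code from SlowMist or from the report; the addresses in it are constructed placeholders, not the blacklisted addresses from the investigation. It implements TRON's base58check address format (0x41 prefix, 20-byte hash, 4-byte double-SHA-256 checksum) and a plain hex pattern for Ethereum addresses; the address-book and blacklist contents are assumptions.

```python
import hashlib
import re

# Base58 alphabet shared by Bitcoin and TRON (omits 0, O, I and l).
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(data: bytes) -> str:
    """Encode bytes as Base58, preserving leading zero bytes as '1' characters."""
    n = int.from_bytes(data, "big")
    digits = []
    while n:
        n, rem = divmod(n, 58)
        digits.append(B58_ALPHABET[rem])
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + "".join(reversed(digits))


def b58decode(text: str) -> bytes:
    """Decode Base58; str.index raises ValueError on characters outside the alphabet."""
    n = 0
    for ch in text:
        n = n * 58 + B58_ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def tron_address_from_hash160(hash160: bytes) -> str:
    """TRON address = Base58(0x41 || hash160 || first 4 bytes of SHA256(SHA256(0x41 || hash160)))."""
    payload = b"\x41" + hash160
    checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return b58encode(payload + checksum)


def is_valid_tron_address(addr: str) -> bool:
    """Reject anything that is not 25 decoded bytes with the 0x41 prefix and a matching checksum."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) != 25 or raw[0] != 0x41:
        return False
    payload, checksum = raw[:21], raw[21:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


# Ethereum: 0x + 40 hex digits. TRON: 'T' + 33 Base58 characters.
ADDRESS_RE = re.compile(
    r"(?<![0-9A-Za-z])(0x[0-9a-fA-F]{40}|T[1-9A-HJ-NP-Za-km-z]{33})(?![0-9A-Za-z])"
)


def normalize(addr: str) -> str:
    # Ethereum hex addresses compare case-insensitively; TRON Base58 is case-sensitive.
    return addr.lower() if addr.startswith("0x") else addr


def check_outgoing_message(text: str, trusted: set, blacklist: set) -> list:
    """Return (address, reason) pairs for every address in `text` a wallet UI should refuse to pay."""
    trusted_n = {normalize(a) for a in trusted}
    blacklist_n = {normalize(a) for a in blacklist}
    findings = []
    for addr in ADDRESS_RE.findall(text):
        key = normalize(addr)
        if key in blacklist_n:
            findings.append((addr, "blacklisted"))
        elif addr.startswith("T") and not is_valid_tron_address(addr):
            findings.append((addr, "malformed TRON address"))
        elif key not in trusted_n:
            findings.append((addr, "not in address book"))
    return findings


# Constructed sample data: placeholder addresses, not the ones from SlowMist's report.
TRUSTED_TRON = tron_address_from_hash160(bytes(range(20)))
TRUSTED_ETH = "0x" + "ab" * 20
SCAMMER_TRON = tron_address_from_hash160(bytes([0xFF] * 20))
ADDRESS_BOOK = {TRUSTED_TRON, TRUSTED_ETH}
BLACKLIST = {SCAMMER_TRON}


def demo() -> tuple:
    """Check an untouched message and one whose TRON recipient has been swapped."""
    original = f"Please send 50 USDT to {TRUSTED_TRON} or {TRUSTED_ETH}"
    tampered = f"Please send 50 USDT to {SCAMMER_TRON} or {TRUSTED_ETH}"
    return (
        check_outgoing_message(original, ADDRESS_BOOK, BLACKLIST),
        check_outgoing_message(tampered, ADDRESS_BOOK, BLACKLIST),
    )


if __name__ == "__main__":
    clean, swapped = demo()
    print("original message findings:", clean)
    print("tampered message findings:", swapped)
```

The blacklist match is the cheapest check and the one SlowMist's published addresses feed directly; the address-book comparison is what actually catches a substitution to an address nobody has reported yet, because the attacker's address will never be one the user deliberately saved. Addresses embedded in images, which the report says were also rewritten, cannot be checked this way without first running OCR over the picture.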