SlowMist specialists recently discovered a fake Skype application that Chinese hackers used to swindle hundreds of thousands of dollars in different cryptocurrencies.
The scammers took advantage of China's current restrictions on international instant messengers, which force users to download unofficial versions from unauthorized sources.
The fake application, which displayed a version number of 188.8.131.523, was disguised as the real Skype version 184.108.40.206.
From November 2022 to May 2023, the hackers used the phishing domain bn-download3.com, which impersonated the popular exchange Binance.
SlowMist researchers found that the malware used a modified version of the Android network framework okhttp3 to target cryptocurrency holders.
This allowed the hackers to access the device's internal files, images, and system information, and to track messages containing strings that resemble TRX and ETH wallet addresses.
The scammers then replaced those wallet addresses with their own, effectively stealing the cryptocurrency.
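A defender-side check for the address swap described above, as an added example that is not taken from SlowMist's report: it compares the text a sender wrote with the text the recipient's app displayed (obtained over a second channel) and reports any TRX or ETH address that differs. All function names and sample values are assumptions constructed for this illustration; TRX addresses are validated with Base58Check, while ETH addresses are matched by format only and compared case-insensitively.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ETH_RE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")
TRX_RE = re.compile(r"\bT[1-9A-HJ-NP-Za-km-z]{33}\b")

def checksum(body):
    """Base58Check checksum: first 4 bytes of double SHA-256."""
    return hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]

def is_tron_address(s):
    """True if s decodes to 0x41 + 20 bytes + a valid 4-byte checksum."""
    try:
        n = 0
        for ch in s:
            n = n * 58 + B58.index(ch)   # ValueError on non-Base58 chars
        raw = n.to_bytes(25, "big")      # OverflowError if too long
    except (ValueError, OverflowError):
        return False
    return raw[0] == 0x41 and checksum(raw[:21]) == raw[21:]

def make_tron_address(payload20):
    """Encode constructed bytes as a well-formed address (sample data only)."""
    raw = b"\x41" + payload20
    n = int.from_bytes(raw + checksum(raw), "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out

def extract_addresses(text):
    """Collect ETH-format strings and checksum-valid TRX addresses."""
    eth = {a.lower() for a in ETH_RE.findall(text)}
    trx = {a for a in TRX_RE.findall(text) if is_tron_address(a)}
    return eth | trx

def compare_copies(sent, displayed):
    """Report addresses lost from, or introduced into, the displayed copy."""
    a, b = extract_addresses(sent), extract_addresses(displayed)
    return {"missing": sorted(a - b), "unexpected": sorted(b - a)}

# Constructed sample data: two unrelated, syntactically valid TRX addresses.
ORIGINAL = make_tron_address(bytes(range(20)))
SWAPPED = make_tron_address(bytes(range(20, 40)))
SENT = f"Please pay 50 USDT to {ORIGINAL} today"
SHOWN = f"Please pay 50 USDT to {SWAPPED} today"

if __name__ == "__main__":
    print(compare_copies(SENT, SHOWN))
```

A non-empty `missing` or `unexpected` list means the two copies disagree on a payment address and the transfer should not proceed until the address is confirmed another way.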