Crypto security analytics firm SlowMist has uncovered a new phishing scam in China that uses a fake Skype video app to target crypto users.
New SlowMist Investigation Report:
Fake Skype App Phishing Analysis
Our latest report exposes how a fake Skype app led to the theft of stolen funds in the Web3 sphere.
Dive into our investigation for more insights on this scam and how you can stay protected!…
— SlowMist (@SlowMist_Team) November 12, 2023
In a November 12 Medium blog report, the security platform revealed that the hackers exploited China’s restriction on international applications to deceive users actively seeking banned apps like Telegram, WhatsApp, and Skype on third-party platforms.
The Chinese hacker group developed a cloned version of the Skype video app, closely resembling the original.
SlowMist’s analytical team scrutinized the counterfeit video app and found that its version (8.87.0403) did not match the official version (8.107.02.215).
Further investigation brought to light an altered signature, indicating malware insertion. Additionally, SlowMist identified a modified version of the widely used Android network framework, “okhttp3.”
Unlike the original version, this altered framework accessed images from diverse directories on the device, a threat specifically designed to target cryptocurrency users.
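The two indicators described above, a version mismatch and a changed signing certificate, can be checked on a sideloaded APK before it is installed. The following is an added example, not code from SlowMist's report: it parses output in the format printed by `apksigner verify --print-certs` and `aapt dump badging`. The pinned digest, package name and tool output are constructed placeholders; only the two version strings come from the report.

```python
import re

# Placeholder (assumption): the publisher's signing-certificate SHA-256,
# obtained out of band from a trusted copy of the app.
PINNED_SHA256 = "11" * 32
OFFICIAL_VERSION = "8.107.02.215"  # official version quoted in the report

# Constructed tool output for a sideloaded APK (not real data).
APKSIGNER_OUT = (
    "Signer #1 certificate DN: CN=Constructed Signer\n"
    f"Signer #1 certificate SHA-256 digest: {'ab' * 32}\n"
)
AAPT_OUT = ("package: name='com.example.videochat' "
            "versionCode='1' versionName='8.87.0403'\n")

def signer_digests(apksigner_out):
    """Collect every signer certificate digest, lower-cased."""
    pat = r"^Signer #\d+ certificate SHA-256 digest: ([0-9a-fA-F]{64})\s*$"
    return {d.lower() for d in re.findall(pat, apksigner_out, re.M)}

def version_name(aapt_out):
    m = re.search(r"^package:.*\bversionName='([^']*)'", aapt_out, re.M)
    return m.group(1) if m else None

def version_key(version):
    # Compare numerically: as plain strings "8.87" sorts after "8.107".
    return tuple(int(p) for p in re.findall(r"\d+", version))

def triage(apksigner_out, aapt_out,
           pinned=PINNED_SHA256, official=OFFICIAL_VERSION):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    digests = signer_digests(apksigner_out)
    if not digests:
        findings.append("no-signer-certificate")
    elif digests != {pinned.lower()}:
        # A repackaged app cannot be re-signed with the publisher's key.
        findings.append("signer-mismatch")
    ver = version_name(aapt_out)
    if ver is None:
        findings.append("no-version")
    elif version_key(ver) < version_key(official):
        findings.append("older-than-official")
    return findings

if __name__ == "__main__":
    print(triage(APKSIGNER_OUT, AAPT_OUT))
```

The signer check is the stronger of the two: an old version number alone is common on legitimate devices, while a certificate digest that differs from the publisher's means the package was signed by someone else.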
The attackers employed a tried-and-tested phishing strategy, embedding malware in the fake video app to compromise crypto wallets and steal funds.
After installation, the fake app requested access to internal files and images. Users, perceiving it as a routine permission request from a social application, unsuspectingly granted all requests.
Once granted permission, the malicious video app
Read more on cryptonews.com