Beware: Chinese Hackers Exploit Fake Skype for Cryptocurrency Scam

cryptocurrency drain

In a digital landscape rife with innovation and convenience, cyber threats’ dark underbelly continues to loom. Recently, analysts from SlowMist unearthed a nefarious scheme: a counterfeit Skype app engineered by hackers in China. This sham software was a gateway to siphon off hundreds of thousands of dollars in various cryptocurrencies, exploiting unsuspecting users. Let’s delve into this alarming revelation and understand the mechanics of this sophisticated cybercrime.

The Modus Operandi

Exploiting China’s Messaging App Restrictions

The ban on international messaging apps in China has led users to resort to unofficial sources for downloads. Seizing this opportunity, hackers developed a counterfeit Skype app, preying on the void created by restrictions.

Crafting a Deceptive Facade

The fake Skype version ( closely mimicked the legitimate app ( Within this facade lay a dangerous trap, waiting to ensnare cryptocurrency owners seeking to communicate securely.

Masquerading as Binance and Cryptocurrency Interception

Between November 2022 and May 2023, hackers deployed a phishing domain posing as the renowned Binance exchange. The malware stealthily targeted cryptocurrency owners by exploiting vulnerabilities in the Android network structure (okhttp3).

The Devastating Impact

Manipulating Transactions and Addresses

The insidious nature of the scam allowed hackers access to users’ internal files and system information. This breach facilitated the interception of messages containing cryptocurrency addresses, which were secretly replaced with addresses controlled by the attackers.

Blacklisting Malicious Addresses

In response to this cyber assault, the SlowMist team acted swiftly, identifying and blacklisting over 100 malicious addresses associated with the scam. These addresses served as conduits for siphoning off substantial amounts of cryptocurrencies.

Cryptocurrency Drain and Transactions

The repercussions were dire for unsuspecting victims. A Tron wallet, for instance, was bombarded with 110 transactions, draining it of over 192,856 USDT until November 8th. Similarly, an Ethereum network address faced 10 deposit transactions, siphoning off 7,800 USDT.

The Path Ahead

Heightened Vigilance and Cyber Awareness

This incident is a stark reminder of the lurking threats in the digital realm. It underscores users’ need to exercise extreme caution, verify app authenticity, and refrain from unofficial sources.

Collaborative Defense and Rapid Response

The swift action by SlowMist in identifying and neutralizing malicious addresses highlights the significance of collaborative efforts in cybersecurity. Rapid response and information dissemination are pivotal in mitigating cyber threats.