A cybersecurity monitoring company has discovered that hackers are actively using fake versions of apps such as Skype and Telegram for phishing scams.
SlowMist analysts have found that Chinese hackers have invented a new type of phishing attack based on local users’ desire to circumvent the country’s laws and download banned apps.
Chinese scammers create fake versions of social media and messaging apps such as Telegram, WhatsApp, and Skype, whose use is banned by China’s government, and use them to distribute malware that steals cryptocurrency.
The SlowMist team identified this new way of attacking crypto users after analyzing one such app. Decompiling the fake Skype app revealed malicious code, in particular an Android networking framework that allows attackers to gain access to the user’s personal data. This happens once the user grants permission to access internal files and images, a permission that media apps commonly request.
Once it has access to internal files, the malware scans images and messages for crypto wallet addresses and automatically replaces them with attacker-controlled ones. The unsuspecting user then sends cryptocurrency straight to the cybercriminals.
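The address-swapping behaviour described above can be checked for on the defending side by comparing what the user composed with what actually left the device, or by flagging any address not in the user's own address book. The following is an added Python example written for this article, not SlowMist's code; the address regexes, sample addresses and messages are constructed for illustration and check address shape only, not checksums.

```python
import re

# Address formats the malware hunts for in messages and images.
# Constructed for this example (assumption: EVM, TRON and Bitcoin
# addresses); they check shape only, not checksums.
ADDRESS_PATTERNS = {
    "evm": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
    "tron": re.compile(r"\bT[1-9A-HJ-NP-Za-km-z]{33}\b"),
    "btc": re.compile(r"\b(?:bc1[02-9ac-hj-np-z]{25,62}|[13][1-9A-HJ-NP-Za-km-z]{25,34})\b"),
}

def find_addresses(text):
    """Return (chain, address) pairs in order of appearance in text."""
    hits = []
    for chain, pattern in ADDRESS_PATTERNS.items():
        for m in pattern.finditer(text):
            hits.append((m.start(), chain, m.group(0)))
    return [(chain, addr) for _, chain, addr in sorted(hits)]

def detect_substitution(composed, delivered):
    """Compare the message the user composed with the copy that actually
    left the device. Returns (chain, composed_addr, delivered_addr) for
    every swapped address; None marks an address that was dropped or injected."""
    before = find_addresses(composed)
    after = find_addresses(delivered)
    diffs = []
    for (chain, a1), (_, a2) in zip(before, after):
        if a1 != a2:
            diffs.append((chain, a1, a2))
    for chain, addr in before[len(after):]:
        diffs.append((chain, addr, None))   # address dropped in transit
    for chain, addr in after[len(before):]:
        diffs.append((chain, None, addr))   # address injected in transit
    return diffs

def untrusted_addresses(text, address_book):
    """Flag addresses in an outgoing message that are not in the user's own
    address book: a cheap pre-send check against silent replacement."""
    return [addr for _, addr in find_addresses(text) if addr not in address_book]

# Constructed sample: the user's message and the tampered copy.
MY_EVM = "0x" + "1" * 40
ATTACKER_EVM = "0x" + "2" * 40
MY_TRON = "TAbcdefghijkmnpqrstuvwxyz123456789"
COMPOSED = f"send the USDT to {MY_EVM} or on TRON to {MY_TRON}"
DELIVERED = f"send the USDT to {ATTACKER_EVM} or on TRON to {MY_TRON}"

if __name__ == "__main__":
    print(detect_substitution(COMPOSED, DELIVERED))
    print(untrusted_addresses(DELIVERED, {MY_EVM, MY_TRON}))
```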
SlowMist analysts found that the attackers stole more than $200,000 from users through one such fake Skype app. A total of 120 users who downloaded the phishing app became victims of the scam.
In the course of analysis, the SlowMist team figured out how to identify fake applications:
- the version of the fake app often doesn’t match the latest official version;
- scammers frequently reuse the same phishing domain, whose appearance can change several times in a week;
- the fake app is usually unusually large in size.
Hackers also actively use WordPress-based sites to spread malware, and scammers run fake free crypto giveaways on X (formerly Twitter) to deceive users.