Blockchain security company SlowMist has published a comprehensive analysis of a counterfeit Skype application. The fake app secretly uploaded users’ images and modified crypto wallet addresses with the intent of pilfering funds.
SlowMist investigated after a victim reported that assets were stolen after downloading a counterfeit Skype app from outside official channels. Key findings from the analysis:
- The app silently obtained and uploaded all user photos to attackers after gaining file access permissions.
- Over $190,000 in crypto was stolen from just two identified malicious addresses before rapid laundering.
- The group behind it previously created fake Binance apps for phishing using similar techniques tailored to target Web3 users.
Advanced Obfuscation to Evade Detection
By reverse engineering the app, SlowMist discovered it leveraged a common Android network framework to intercept traffic and replace wallet addresses in messages.
The hackers encapsulated the fake app code using advanced tactics to prevent analysis and detection. This illustrates the specialized techniques used to make the malware convincing.
Backend infrastructure links revealed that the Skype scam app creators also developed prior fake Binance apps for phishing. The group specializes in targeting Web3 users.
SlowMist cautioned that fraudulent social media and exchange apps are common outside official app stores. Attackers exploit brand recognition and greed through fake airdrops to trick unwitting targets. But telltale technical signals can raise red flags, helping savvy users avoid devastating losses.
The report demonstrates the sophisticated methods fraudsters use to deceive users. Enhanced security awareness remains the best defense against phishing traps.