Crypto theft is a common occurrence in the industry, and the techniques used are increasingly sophisticated. Recently, the blockchain security platform SlowMist discovered that a fake mobile app, much like an earlier one imitating the crypto exchange Binance, is being used for this purpose. Here is how it works.
Using a counterfeit mobile app to steal crypto
On Monday, November 13, the blockchain security company SlowMist revealed a method that hackers use to rob users of their cryptos. The method, which is fairly sophisticated, relies on a counterfeit application to achieve its ends.
The story came to light when a victim, presumably Chinese, contacted SlowMist to recount their ordeal. The victim lost funds after downloading what they believed to be the legitimate Skype application from the Internet.
Note that Google Play is not available in China. To get around this, users often resort to direct downloads from the Internet, and it was in this context that the victim was fooled.
In the course of its investigation, SlowMist noticed several anomalies. First, the fake Skype application had been created only recently and was domiciled in China. More intriguing still, the fraudulent Skype app contained malicious code designed to track and upload files and images from the user’s device.
This is how the hackers obtained sensitive information such as device details, victim IDs and phone numbers. Above all, it gave them a way into victims’ crypto wallets: the malware specifically targeted messages containing blockchain addresses (Ethereum or Tron) and replaced those addresses with malicious ones, so that any payment made to the address in the message went to the attackers.
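As an added illustration of the detection side of this technique (example code written for this article, not part of the SlowMist report), the following check compares a message as the sender composed it with the message as the peer received it and reports any Ethereum or Tron address that was silently swapped. Address shapes (Ethereum 0x + 40 hex characters, Tron base58 starting with T, 34 characters) are standard; the sample messages are constructed.

```python
import re

# Address shapes named in the report: Ethereum (0x + 40 hex chars) and
# Tron (base58: 'T' + 33 chars drawn from the base58 alphabet, no 0/O/I/l).
# A pure regex check can still false-positive on a random 34-letter token
# starting with T; it is a screening step, not a validator.
ETH_ADDR = r"0x[0-9a-fA-F]{40}"
TRON_ADDR = r"T[1-9A-HJ-NP-Za-km-z]{33}"
ADDR_RE = re.compile(rf"\b(?:{ETH_ADDR}|{TRON_ADDR})\b")


def extract_addresses(text: str) -> list[str]:
    """Return every Ethereum or Tron address in the text, in order of appearance."""
    return ADDR_RE.findall(text)


def skeleton(text: str) -> str:
    """The message with each address replaced by a marker, so two messages that
    differ only in their addresses compare equal."""
    return ADDR_RE.sub("<ADDR>", text)


def detect_address_swap(sent: str, delivered: str) -> list[tuple[str, str]]:
    """Compare the message a user composed with the message the peer received.

    Returns (original, substituted) pairs when the two texts are identical except
    for the address fields; an empty list means no substitution was observed.
    Raises ValueError when the messages differ elsewhere, because that is an
    ordinary edit rather than the silent address swap described in the report.
    """
    if skeleton(sent) != skeleton(delivered):
        raise ValueError("messages differ outside the address fields")
    pairs = zip(extract_addresses(sent), extract_addresses(delivered))
    return [(orig, new) for orig, new in pairs if orig != new]


# Constructed sample: the sender's message, and the same message as delivered
# after an address-swapping client replaced the Ethereum address only.
SENT = ("Pay 0.5 ETH to 0x" + "a1" * 20
        + " and the USDT to T" + "A" * 33)
DELIVERED = ("Pay 0.5 ETH to 0x" + "b2" * 20
             + " and the USDT to T" + "A" * 33)


def demo() -> list[tuple[str, str]]:
    """Run the check on the constructed sample."""
    return detect_address_swap(SENT, DELIVERED)


if __name__ == "__main__":
    for original, substituted in demo():
        print(f"address swapped: {original} -> {substituted}")
```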
The method is not new!
This crypto hacking method may seem new, but it is not. This phishing incident is linked to another one that took place in May, when a counterfeit Binance mobile app used the same modus operandi.
According to SlowMist, the same authors orchestrated both crypto hacking operations. The difference is that in the May incident, the phishing domain name first posed as Binance before imitating the Skype backend.
SlowMist explains that the hacker group’s focus on the Web 3.0 sector is evident from its use of fake domains such as "bn-download [number].com", which were used specifically for Binance phishing attacks.
The new incident highlights the vulnerabilities crypto users face, particularly in countries like China, where direct downloads bypass the unavailable official app stores. SlowMist strongly urged users to stick to official app download channels and to raise their crypto security awareness in order to reduce the risks associated with phishing attacks. Vigilance and caution when downloading apps play a crucial role in protecting cryptos from malicious actors.
