According to a report from BeInCrypto, a fake Skype app downloaded via Baidu is stealing users' crypto, based on findings from the security firm SlowMist. The researchers established this after being contacted by a Chinese user who had downloaded the app from a website rather than from an app store.
SlowMist has flagged an app that presents itself as Skype and is responsible for stealing a Chinese user's crypto. The app is believed to have been built by a Chinese gang that injected malicious code into the Android application package (APK) file the victim downloaded.
Like a genuine social media app, the trojanised app requested permission to access files and photo albums. The files it could then read were uploaded to the attackers' backend.
The scammers reused the backend domain "bn-download3.com," the same domain used by a fake Binance app last November. The fake Skype app has been contacting this domain since May 23rd.
Beyond requesting file access, the fake app monitored traffic for strings matching the formats of Ethereum (ETH) and TRON (TRX) addresses. It replaced any such address with either a fixed attacker-controlled address or one fetched from another domain.
Approximately 192,856 TRX were sent to TJhqKzGQ3LzT9ih53JoyAvMnnH5EThWLQB across 110 deposits, and the attackers' ETH address received 7,800 USDT in 10 transactions.
SlowMist has flagged these addresses and added them to its blacklist. It advises against downloading apps from unofficial sources; such counterfeit apps typically ask for broad file and media permissions they do not need.
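To make the substitution concrete, the following is an added Python example (not code from SlowMist or from the article) that models the address rewriting the fake app performs on outgoing messages, together with the two checks a wallet or chat client can run against it: diffing the addresses the user entered against what is about to be sent, and screening destinations against a blacklist of the kind SlowMist publishes. The TRX sink is the address quoted above; the ETH sink and the user's own addresses are constructed placeholders, and the patterns check address shape only, not checksums.

```python
"""Added example (not SlowMist's or the article's code): models the address
substitution the fake Skype app performs on outgoing traffic, and the two
client-side checks that catch it. Address patterns check shape only, not
checksums."""
import re
from itertools import zip_longest

# Shape of the two address families the malware watched for:
#   ETH: 0x followed by 40 hex digits
#   TRX: 34-char base58 string starting with 'T' (alphabet has no 0, O, I, l)
ETH_RE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")
TRX_RE = re.compile(r"\bT[1-9A-HJ-NP-Za-km-z]{33}\b")
ANY_RE = re.compile(ETH_RE.pattern + "|" + TRX_RE.pattern)

# Attacker sink addresses. The TRX one is the address quoted in the article;
# the ETH one is a constructed placeholder (the article does not print it).
TRX_SINK = "TJhqKzGQ3LzT9ih53JoyAvMnnH5EThWLQB"
ETH_SINK = "0x" + "cafe" * 10  # constructed placeholder

# Blacklist of the kind SlowMist publishes; ETH entries are stored lowercased
# so that mixed-case (EIP-55) spellings of the same address still match.
BLACKLIST = {TRX_SINK, ETH_SINK.lower()}

# Constructed sample: what the victim typed into a chat. Both addresses are
# placeholders of valid shape, not real wallets.
USER_TRX = "TAbcdefghijkmnopqrstuvwxyz12345678"
USER_ETH = "0x" + "deadbeef" * 5
USER_MESSAGE = (f"Deposit address: {USER_TRX} (TRON) and {USER_ETH} "
                "for USDT on Ethereum")


def find_addresses(text):
    """Return (kind, address) pairs in order of appearance."""
    out = []
    for m in ANY_RE.finditer(text):
        addr = m.group(0)
        out.append(("ETH" if addr.startswith("0x") else "TRX", addr))
    return out


def malware_rewrite(text, eth_sink=ETH_SINK, trx_sink=TRX_SINK):
    """What the trojanised app does: every address of a recognised shape in
    outgoing traffic is swapped for the attacker's address of the same kind."""
    text = ETH_RE.sub(eth_sink, text)
    return TRX_RE.sub(trx_sink, text)


def detect_swap(intended, outgoing):
    """Check 1: diff the addresses the user entered against the ones about to
    leave the device. Returns the (expected, actual) pairs that differ; an
    empty list means nothing was tampered with."""
    return [(w, g) for w, g in zip_longest(find_addresses(intended),
                                           find_addresses(outgoing))
            if w != g]


def screen_destination(text, blacklist=BLACKLIST):
    """Check 2: flag any destination address that is on a known-bad list."""
    hits = []
    for kind, addr in find_addresses(text):
        key = addr.lower() if kind == "ETH" else addr
        if key in blacklist:
            hits.append(addr)
    return hits


if __name__ == "__main__":
    tampered = malware_rewrite(USER_MESSAGE)
    print("outgoing   :", tampered)
    print("swapped    :", detect_swap(USER_MESSAGE, tampered))
    print("blacklisted:", screen_destination(tampered))
```

The first check is the stronger one: it needs no prior knowledge of the attacker's addresses, only a trusted copy of what the user actually entered, so it also catches sinks that are fetched dynamically from a second domain and never make it onto a blacklist.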
Last year, SlowMist received complaints about a fake Binance app a victim had found through a Baidu search. The victim contacted SlowMist after losing 5 ETH from their Binance account. The firm identified a tampered APK file that redirected funds to a malicious address it could not attribute.
Because the Google Play Store is unavailable in China, users frequently sideload APK files downloaded directly from websites. Such files go through no store review or security vetting, which exposes users to greater risk.
In November 2020, Baidu Search Box and Baidu Maps were found to be leaking sensitive device data and were temporarily removed from Google Play. While Google does not outright forbid collecting device identifiers such as the MAC address, its best-practice guidance for Android developers recommends against it.