Trusted

Chinese Gang Dupes Users With Fake Skype and Binance Apps, Millions in Crypto Stolen

2 mins
Updated by Geraint Price
Join our Trading Community on Telegram

In Brief

  • Blockchain security firm SlowMist has identified links between a Skype app that stole crypto from a Chinese user and a fake Binance app.
  • The app asked the user for permission to access sensitive data and then sent this information to a backend server to steal their crypto.
  • Chinese people are often vulnerable to criminal apps that appear the same as their American counterparts but differ in how they operate.
  • promo

A fake Skype app downloaded through Baidu is stealing users’ crypto, according to data from security firm SlowMist. The security researcher confirmed this after receiving a call from a Chinese individual who downloaded the app from the internet rather than an app store.

SlowMist has red-flagged an app pretending to be Skype that robbed a Chinese person of their crypto. The app was likely created by a Chinese gang who injected malicious code into an application package (APK) file the user downloaded.

Gang Uses Fake Chinese Binance App to Steal Crypto

The gang requested permission to access files and photo albums, much like a genuine social media app. The malicious files were then sent to the backend.

It appears that the gang used the same backend domain “bn-download3.com,” that was used for a fake Binance app last November. The fake Skype app has used this domain since May 23.

In addition to requesting file entrance, the fake app monitored traffic for the strings “ETH” and “TRX,” representing the Ethereum and TRON cryptocurrencies. It replaced the crypto addresses in the string with fixed malicious addresses and some retrieved from another domain.

Read more: 9 Crypto Wallet Security Tips To Safeguard Your Assets

Around 192,856 of TRX was sent to TJhqKzGQ3LzT9ih53JoyAvMnnH5EThWLQB using 110 deposits. The ETH address received 7,800 USDT in 10 transactions.

Stolen Fund Distribution
Stolen Fund Distribution | Source: SlowMist

SlowMist has blacklisted these addresses and advises not to download apps from unofficial sources. Requests to access malicious files often accompany these bogus apps.

Google Identified Data Leakage on Baidu

Last year, SlowMist received complaints from a fake Binance app a victim found through a search on Baidu. The user contacted the SlowMist team after losing 5 ETH from their Binance account. The security firm identified a corrupt APK file that redirected funds toward a malicious but unidentifiable address.

The unavailability of the Google Play Store in China often encourages users to install apps from packages directly from the internet. These files are not subject to security checks and pose a significant risk.

Read more: Top Web3 Privacy Challenges & How to Overcome Them

In November 2020, Google identified that Baidu Search Box and Baidu Maps were leaking sensitive data. While Google did not explicitly forbid the collection of device-specific data like a MAC address, it advised against it in its best practice guide for app developers in its Android platform.

Do you have something to say about how the fake app developed by the Chinese gang believed responsible for a fake Binance app,  or anything else? Please write to us or join the discussion on our Telegram channel. You can also catch us on TikTokFacebook, or X (Twitter).

Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

David-Thomas.jpg
David Thomas
David Thomas graduated from the University of Kwa-Zulu Natal in Durban, South Africa, with an Honors degree in electronic engineering. He worked as an engineer for eight years, developing software for industrial processes at South African automation specialist Autotronix (Pty) Ltd., mining control systems for AngloGold Ashanti, and consumer products at Inhep Digital Security, a domestic security company wholly owned by Swedish conglomerate Assa Abloy. He has experience writing software in C...
READ FULL BIO
Sponsored
Sponsored