Chinese Scammers Exploiting Fake Skype And Binance Apps


In the ever-evolving landscape of online security threats, a recent incident sheds light on a Chinese gang’s cunning tactics to deceive users using counterfeit Skype and Binance applications. This alarming revelation comes from security firm SlowMist, who discovered a fake Skype app, distributed through Baidu, discreetly pilfering users’ cryptocurrency.

The Deceptive Maneuvers: According to SlowMist’s investigation, the duplicitous app, seemingly a clone of Skype, was downloaded outside the confines of an official app store. This unsuspecting victim, who fell prey to the scam, unwittingly invited trouble by obtaining the app from an unofficial source. It’s apparent that the malevolent creators injected malicious code into the application package (APK) file, leaving users vulnerable to a crypto heist.

Modus Operandi: The perpetrators, akin to a legitimate social media app, cunningly requested access to files and photo albums, exploiting the users’ trust. The compromised files were then surreptitiously sent to a backend server. Notably, the gang employed the same backend domain, “,” previously associated with a fake Binance app discovered last November. This particular fake Skype app has been utilizing this domain since May 23, suggesting a recurring pattern in the attackers’ tactics.

Crypto-Targeted Surveillance: Apart from file access, the nefarious app surveilled traffic for specific cryptocurrency-related strings, such as “ETH” (Ethereum) and “TRX” (TRON). Subsequently, the app replaced legitimate crypto addresses with fixed malicious addresses and others retrieved from a separate domain. The consequences were severe, with 192,856 TRX and 7,800 USDT being siphoned off through multiple transactions.

Preventive Measures: SlowMist, in response to this threat, has blacklisted the malicious addresses and issued a stern warning against downloading apps from unofficial sources. The importance of exercising caution and refraining from granting unnecessary permissions cannot be overstated.

The Larger Context: This incident unveils a broader concern about the prevalence of fake apps and the security risks associated with downloading from unofficial sources. Last year, SlowMist dealt with a similar case involving a fake Binance app discovered via a Baidu search. The absence of the Google Play Store in China often compels users to resort to downloading apps directly from the internet, bypassing crucial security checks.

Google’s Previous Warning: Highlighting the severity of this issue, Google had previously identified data leakage on Baidu, specifically with the Baidu Search Box and Baidu Maps. This revelation further underscores the risks associated with obtaining apps from unofficial sources, as these files evade standard security checks, making users susceptible to malicious activities.

Conclusion: As the digital landscape continues to evolve, users must remain vigilant against emerging threats. The recent exploits of a Chinese gang using fake Skype and Binance apps serve as a stark reminder of the importance of cybersecurity. By staying informed and adopting best practices, users can protect their digital assets from falling into the hands of cybercriminals.