Security researchers have flagged a fake Skype app that steals Tether (USDT) sent to Ethereum and Tron wallets, and have tentatively linked it to a Chinese phishing gang that previously distributed a fraudulent Binance app.
Blockchain security firm Slow Mist first discovered the fake app when it was approached by a victim who claimed his funds had been stolen.
Slow Mist analyzed the app and found that it scans both incoming and outgoing messages for Tron and Ethereum addresses and replaces each one with an address chosen in advance by the phishing gang, so that USDT the victim sends, or expects to receive, ends up in the gang's wallets instead.
The app also hands the gang control of the victim's phone and uploads files, photos, ID credentials and similar data to a domain they operate.
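The address-swapping behaviour described above, as an added example that is not code from the page or from the malicious app: the swap routine is a reconstruction of the behaviour reported, and every address and the chat message below are constructed placeholders derived from fixed strings, not real wallets. The example also shows the check a reviewer can run against a suspect chat client (compare the addresses in a message as sent with those in the message as received) and the caveat that the attacker's replacement address is itself a checksum-valid Tron address, so a wallet's format or checksum validation will not catch the substitution.

```python
import hashlib
import re

# Added example, not code from the page or from the malicious app. The swap
# routine reconstructs the behaviour the article describes; every address and
# the chat message below are constructed placeholders.

# An Ethereum (EVM) address is 0x followed by 40 hex digits; a Tron address is
# 34 base58check characters beginning with "T".
ADDR_RE = re.compile(r"\b(0x[0-9a-fA-F]{40}|T[1-9A-HJ-NP-Za-km-z]{33})\b")

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(data: bytes) -> str:
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes become '1'
    return "1" * pad + out


def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)  # raises ValueError on a non-base58 character
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + raw


def make_tron_address(pubkey_hash20: bytes) -> str:
    """Tron base58check: 0x41 prefix + 20-byte hash + 4-byte double-SHA256 checksum."""
    body = b"\x41" + pubkey_hash20
    chk = hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]
    return b58encode(body + chk)


def is_valid_tron_address(addr: str) -> bool:
    """Format and checksum check only; says nothing about who owns the address."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) != 25 or raw[0] != 0x41:
        return False
    chk = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4]
    return raw[21:] == chk


def extract_addresses(text: str) -> list:
    """All EVM and Tron addresses in a message, in order of appearance."""
    return ADDR_RE.findall(text)


def swap_addresses(message: str, attacker_evm: str, attacker_tron: str) -> str:
    """Reconstruction of the trojanised client's behaviour: every address in the
    message is replaced by the attacker's address for the same chain."""
    def pick(m):
        return attacker_evm if m.group(1).startswith("0x") else attacker_tron
    return ADDR_RE.sub(pick, message)


def find_substitutions(sent: str, received: str) -> list:
    """Reviewer's check: compare the addresses in a message as it was sent with
    those in the message as it arrived. Returns (original, replacement) pairs."""
    return [(a, b) for a, b in zip(extract_addresses(sent), extract_addresses(received)) if a != b]


# Constructed placeholders (derived from fixed strings, not real wallets).
VICTIM_TRON = make_tron_address(hashlib.sha256(b"victim").digest()[:20])
ATTACKER_TRON = make_tron_address(hashlib.sha256(b"attacker").digest()[:20])
VICTIM_EVM = "0x" + "ab" * 20
ATTACKER_EVM = "0x" + "cd" * 20
SAMPLE_MESSAGE = f"Pay 500 USDT to {VICTIM_TRON} (TRC20) or {VICTIM_EVM} (ERC20)."


if __name__ == "__main__":
    tampered = swap_addresses(SAMPLE_MESSAGE, ATTACKER_EVM, ATTACKER_TRON)
    print("sent:    ", SAMPLE_MESSAGE)
    print("received:", tampered)
    print("swapped: ", find_substitutions(SAMPLE_MESSAGE, tampered))
    # Caveat: the attacker's address passes checksum validation, so a wallet's
    # format check cannot catch the swap; only a sent-vs-received comparison
    # (or confirming the address out of band) does.
    print("attacker address checksum-valid:", is_valid_tron_address(ATTACKER_TRON))
```

Because the replacement is a well-formed address for the same chain, the only signals available to the victim are a mismatch between what the sender typed and what the recipient sees, or an out-of-band confirmation of the address; the `find_substitutions` comparison is the check to run when testing a client downloaded outside an official store.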
A Tron address associated with the phishing gang has reportedly received 192,856 USDT across 110 separate transactions, while a separate Ethereum address received 7,800 USDT across 10 transactions.
Chinese gang first impersonated Binance
Slow Mist also concluded that the gang is likely Chinese on the basis of distinctive signature information in the app. Investigators further found that the same scammers had previously used the app to impersonate the Binance exchange.
Phishing campaigns like this reportedly exploit the unavailability of Google Play in China: victims who cannot use the official store download apps directly from the web instead.
Most of the stolen crypto in this case has reportedly been withdrawn in batches and moved through BitGet (formerly BitKeep), a coin swap service with no anti-money-laundering (AML) or know-your-customer (KYC) requirements.
Blockchain analytics firm Elliptic has noted that some of these coin swap services are "attractive for criminals seeking to launder their funds" because they apply minimal or no AML/KYC checks.
Slow Mist has flagged 100 addresses associated with the app; all of them now carry a risk score of 100, its highest rating, indicating severe risk.