Blockchain security firm SlowMist has uncovered a phishing attack involving a counterfeit Skype app designed to steal cryptocurrency funds from unsuspecting victims. The victim, who downloaded what he believed to be the Skype app from the internet, had his funds stolen, highlighting the risks users face, particularly in regions like China where direct downloads serve as substitutes for unavailable official app stores.

Because Google Play is unavailable in China, users often download apps directly from the internet, which leaves them exposed to fake applications. SlowMist's investigation identified several red flags in the fake Skype app, including a certificate that had only been created in September and signature information pointing to a Chinese origin.
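The two certificate red flags described above can be checked mechanically before a sideloaded APK is installed. The following is an added example, not SlowMist's tooling: it assumes the signer certificate has been dumped as text in the layout of `keytool -printcert`, and the sample certificate, the expected country, the pinned fingerprint placeholder and the 180-day threshold are all hypothetical values chosen for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the layout of `keytool -printcert` output (not from the real app).
SAMPLE_CERT = """\
Owner: CN=example, OU=example, O=example, L=Beijing, ST=Beijing, C=CN
Issuer: CN=example, OU=example, O=example, L=Beijing, ST=Beijing, C=CN
Valid from: Fri Sep 08 10:15:00 CST 2023 until: Tue Sep 01 10:15:00 CST 2048
Certificate fingerprints:
\t SHA256: AA:BB:CC:DD
"""

# Assumptions: hypothetical analyst expectations for the genuine publisher's certificate.
EXPECTED = {"country": "US", "sha256": "<PINNED-SHA256-PLACEHOLDER>"}
MAX_NEW_CERT_DAYS = 180  # hypothetical cut-off for "newly created"


def parse_cert(text):
    """Extract subject DN fields, the validity start and the SHA-256 fingerprint."""
    owner = re.search(r"^Owner:\s*(.+)$", text, re.M).group(1)
    # Simplification: assumes no escaped commas inside DN values.
    dn = dict(p.strip().split("=", 1) for p in owner.split(",") if "=" in p)
    start = re.search(r"^Valid from:\s*(.+?)\s+until:", text, re.M).group(1).split()
    # Drop the time-zone abbreviation (5th token); day-level precision is enough here.
    not_before = datetime.strptime(" ".join(start[:4] + start[5:]), "%a %b %d %H:%M:%S %Y")
    sha256 = re.search(r"SHA256:\s*([0-9A-Fa-f:]+)", text).group(1).upper()
    return {"dn": dn, "not_before": not_before, "sha256": sha256}


def red_flags(cert, analysed_on, expected=EXPECTED):
    """Return the list of signing-certificate red flags for one APK signer."""
    flags = []
    age_days = (analysed_on - cert["not_before"]).days
    if 0 <= age_days < MAX_NEW_CERT_DAYS:
        flags.append("new_certificate")
    if cert["dn"].get("C") != expected["country"]:
        flags.append("unexpected_signer_country")
    if cert["sha256"] != expected["sha256"].upper():
        flags.append("fingerprint_mismatch")
    return flags


if __name__ == "__main__":
    cert = parse_cert(SAMPLE_CERT)
    print(red_flags(cert, analysed_on=datetime(2023, 11, 1)))
```

Of the three checks, the fingerprint comparison against a value obtained from the official distribution channel is the decisive one; certificate age and signer country are triage hints that are only meaningful relative to what the genuine publisher's certificate looks like.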

The counterfeit Skype app, injected with malicious code, monitored and uploaded files and images from users' devices to capture sensitive information. It specifically targeted Ethereum and Tron blockchain addresses, replacing them with malicious addresses to reroute payments. The attackers managed to siphon almost $200,000 in USDT through one of the malicious Tron addresses.

Notably, the phishing domain initially impersonated the cryptocurrency exchange Binance before switching to mimic Skype's backend. SlowMist advises users to use official app download channels and enhance security awareness to mitigate the risk of falling victim to phishing attacks.