Scammers hit again, duping crypto users through fake Binance app

InfoNesia.xyz – Scammers have used a fake Binance website and app to defraud crypto users of about $12,500 worth of crypto.

Scammers launch fake Binance app, defraud unsuspecting victims

On October 24, a Twitter user reached out to SlowMist asking for help after 5 ETH they sent to their Binance address were transferred to an address owned by a scammer.

Not long after the first user reached out to SlowMist, another Twitter user, “kongkong,” tweeted:

“A friend of mine withdrew USDT from OK to Binance, while the first transaction was successful, the second wasn’t. They sent more than 5,000 USDT and waited over half an hour, but it never arrived. Ultimately, I contacted the Binance App’s customer service and stated that the address that received USDT was not a Binance user’s address.”

These are just a few of the scams that occur daily in the crypto world.

There are many types of crypto scams. Some of the most common involve fake crypto sites, which are often operated in one of two ways: as phishing pages or as straightforward theft.

Other types of crypto scams include phishing scams, pump-and-dump schemes, fake apps, fake celebrity endorsements, giveaway scams, and cloud mining scams.

Fake Binance website and APK analysis

To verify the source of the scam, the SlowMist team first downloaded the fake “Binance App” provided by the victim and compared the APK file size with that of the real one. The real Binance APK was 247.1 MB, while the fake Binance APK was only 191.3 MB, indicating that the fake Binance APK was compressed.

The package signature information also indicated an issue with the victim’s Android Package Kit (APK).
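The size and signature comparison described above can be scripted. The following is an added example, not SlowMist's tooling: it parses the output of `apksigner verify --print-certs` and checks the signer certificate against a pinned fingerprint. The pinned digest, the sample outputs and the 10% size tolerance are constructed assumptions; the two sizes are the ones quoted above.

```python
import re

# Matches the per-signer line printed by `apksigner verify --print-certs <apk>`.
DIGEST_RE = re.compile(
    r"^Signer #(\d+) certificate SHA-256 digest: ([0-9a-fA-F]{64})\s*$", re.M)

# Constructed placeholder, NOT a real vendor fingerprint. Obtain the real value
# from a copy of the app installed from the official store.
PINNED_DIGESTS = {"ab" * 32}


def signer_digests(apksigner_output):
    """Return {signer_number: sha256_hex} parsed from apksigner output."""
    return {int(n): d.lower() for n, d in DIGEST_RE.findall(apksigner_output)}


def assess_apk(apksigner_output, size_mb, reference_size_mb,
               pinned=PINNED_DIGESTS, size_tolerance=0.10):
    """Return a list of findings; an empty list means no red flags."""
    findings = []
    if "DOES NOT VERIFY" in apksigner_output:
        findings.append("signature does not verify")
    digests = signer_digests(apksigner_output)
    if not digests:
        findings.append("no signer certificate reported")
    for number, digest in sorted(digests.items()):
        if digest not in pinned:
            findings.append(f"signer #{number} is not the pinned publisher: {digest}")
    # Size is only a weak hint (versions differ); the certificate is decisive.
    deviation = abs(size_mb - reference_size_mb) / reference_size_mb
    if deviation > size_tolerance:
        findings.append(f"size differs from reference by {deviation:.0%}")
    return findings


# Constructed sample outputs in apksigner's format.
GENUINE_OUTPUT = (
    "Signer #1 certificate DN: CN=Example Publisher\n"
    f"Signer #1 certificate SHA-256 digest: {'ab' * 32}\n")
REPACKAGED_OUTPUT = (
    "Signer #1 certificate DN: CN=Unknown\n"
    f"Signer #1 certificate SHA-256 digest: {'cd' * 32}\n")

if __name__ == "__main__":
    print(assess_apk(GENUINE_OUTPUT, 247.1, 247.1))     # no findings
    print(assess_apk(REPACKAGED_OUTPUT, 191.3, 247.1))  # signer and size findings
```

A repackaged app cannot carry the original publisher's signing certificate, so the digest check catches it even when the file size happens to match.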

An examination of the fake Binance APK reveals that the hacker used free security software to prevent others from analyzing the APK.

The team could not find the scammer’s address in the decompiled source code, which indicated that the address was transmitted over the network, solely to modify the deposit address.

Further investigation uncovered the domain and the management backend domain where the deposit addresses were generated.

By the time the network interface was analyzed, it had stopped running services. Still, using the interface characteristics in a network search engine, the team discovered that the hacker’s other interface domains were still active.

According to the victim, the fake Binance app was downloaded via a Baidu search. A quick search turned up several so-called “official apps” that could be downloaded.

In its statement, SlowMist strongly advised users to visit only official sources and to always verify before downloading anything, to avoid incidents like this.

How to protect yourself from crypto scams