The most prolific known crypto drainer of 2023 impersonated more than 100 cryptocurrency brands across 16,000 phishing domains to trick victims into authorizing fraudulent transactions, according to Group-IB.
The threat intelligence vendor revealed details of the scam-as-a-service operation in a new blog post this morning.
Figures from Scam Sniffer claimed that Inferno Drainer had stolen nearly $88 million from more than 137,000 victims during its lifetime, from November 2022 to November 2023.
First, Inferno Drainer affiliates would lure victims to phishing sites that posed as crypto brands. On those sites they would spoof popular Web3 protocols such as Seaport, WalletConnect and Coinbase in an attempt to initiate a fraudulent transaction.
Seaport is a Web3 marketplace for NFT trading, while WalletConnect and Coinbase are protocols with which crypto wallets can connect to decentralized applications (DApps) in Web3 via a QR code. If a user approves a connection request from a DApp via WalletConnect, the DApp can send transaction requests to their wallet, which must then be approved manually by the user in the wallet.
The fraudsters used classic social engineering tactics to mislead their victims.
“Once the connection with the wallet is secured, Inferno Drainer spoofs these protocols under the guise of different DApps to initiate malicious transactions. Users are asked to link their accounts and accept a transaction to claim a prize or other financial reward, but open themselves up to fraud,” said Shevchenko.
“The allure of potential wealth, which is an important part of the content that is presented to victims on phishing websites, ensures that users connect their wallet to the attacker’s infrastructure. The malware was placed on sites that are disguised as official crypto projects and spread on X (formerly Twitter).”
Read more about crypto drainers: Crypto Drainer Steals $59 Million via Google and X Ads
Among the lures used by the scammers were phishing sites that promised to give away free tokens (airdrops) or to offer the victim rewards. In some cases, the scammers offered non-existent rewards as ‘compensation’ for an invented disruption at the spoofed company, such as a cyber incident.
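As a defensive illustration of the brand impersonation and lure wording described above, the following added example (not from Group-IB or the original article) screens hostnames for a brand name used outside that brand's own domains, and escalates when lure terms also appear. The allowlist, lure keywords, verdict names and sample hostnames are assumptions constructed for illustration.

```python
import re

# Brand token -> domains assumed to belong to the brand (illustrative allowlist;
# verify against each brand's own published domains before using).
OFFICIAL = {
    "coinbase": {"coinbase.com"},
    "walletconnect": {"walletconnect.com"},
    "seaport": {"seaport.example"},  # placeholder, not a real domain
}
# Lure wording taken from the article: airdrops, rewards, 'compensation'.
LURES = ("airdrop", "reward", "claim", "compensation")
# Undo common digit-for-letter swaps before matching brand tokens.
LEET = str.maketrans("0134", "olea")


def is_official(host, domains):
    """True if host is one of the brand's domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def screen(host):
    """Classify a hostname as allow / review / block."""
    host = host.lower().rstrip(".")
    # Drop dots and hyphens so 'wallet-connect' still matches 'walletconnect'.
    squashed = re.sub(r"[^a-z0-9]", "", host).translate(LEET)
    brands = [b for b, doms in OFFICIAL.items()
              if b in squashed and not is_official(host, doms)]
    lures = [w for w in LURES if w in squashed]
    if brands and lures:
        verdict = "block"    # brand name off-domain plus lure wording
    elif brands:
        verdict = "review"   # brand name off-domain, no lure wording
    else:
        verdict = "allow"    # lure wording alone is not treated as a signal
    return {"host": host, "brands": brands, "lures": lures, "verdict": verdict}


if __name__ == "__main__":
    # Constructed sample hostnames, not indicators from the report.
    for h in ("coinbase.com", "rewards.coinbase.com",
              "wallet-connect-airdrop.example", "c0inbase-support.example",
              "coinbase.com.claim-reward.example"):
        print(screen(h))
```

Matching on the squashed hostname can flag unrelated names that happen to contain a brand string, which is why a brand hit without lure wording goes to review instead of being blocked outright.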
SCAM-AS-A-SERVICE
Inferno Drainer mainly operated as a service for cybercriminals who were unable or unwilling to create and host the phishing sites themselves, but who drove victims to those sites instead. About 20% of the proceeds went to the developers, while 80% went to the affiliates, according to the report.
Affiliates gained access to a user panel, Telegram channel and phishing websites/software to manage their campaigns. They would place the drainer malware on the phishing website and then promote the scam via X (formerly Twitter), Discord and other social media.
Once connected to the victim’s crypto wallet, the drainer checked for their most valuable and most easily transferable assets. Anything below $100 was apparently ignored.
Group-IB urged users to stay vigilant.
“The dangers will only get worse,” concluded Shevchenko. “In-depth investigations and bringing criminals to court are the only way to prevent future attacks. It is crucial that victims submit reports about the attacks they have experienced to the relevant law enforcement authorities.”