According to Group-IB, the attackers hosted the phishing pages using more than 16,000 unique domains over the course of the campaign, which ran between November 2022 and November 2023, after which it was disrupted.
While Inferno Drainer may have ceased its activity for now, its prominence throughout 2023 highlights the severe risks to cryptocurrency holders as drainer malware continues to develop further, Group-IB's team tells Dark Reading.
Anatomy of a Crypto-Spoofing Campaign
During the course of the Inferno Drainer onslaught, the attackers used two levels of brand impersonation.
First, they created malicious webpages that spoofed brands like Coinbase, Seaport, and WalletConnect, which are used to connect crypto wallets to decentralized trading platforms and other applications.
In other words, marks believed they were using the legitimate services, but in reality they were unwittingly authorizing the malicious siphoning of funds.
Worryingly, the scripts the cyberattackers used for the Web3 impersonation are available in GitHub repositories or as a separate .ZIP file hosted on a file-sharing site, the researchers noted.
To attract targets to the sites in the first place, the adversaries promoted the pages on social media sites, including X, and various Discord servers.
In all, the Inferno Drainer assailants here spoofed dozens of companies that offer specific coins, tokens, or exchange services.
Inferno Drainer's Scam-as-a-Service Model
One notable aspect of the campaign is the fact that the Inferno Drainer heists weren't the work of a single cybercrime group; rather, the infrastructure was available to rent.
The rental model featured a flat rate for the developers of 20% of stolen assets in exchange for use of the drainer.
Cybercriminals could either upload the malware to their own phishing sites, or additionally rent the phishing infrastructure from the developers for a total of 30% of the stolen assets, Group-IB experts found.
In terms of cyber defense, cryptocurrency holders should remain vigilant and be wary of any website promoting free digital assets or airdrops.
For their part, cryptocurrency brands have a set of tasks ahead of them to thwart what Group-IB believes will soon be an onslaught of new drainer activity.
This Cyber News was published on www.darkreading.com. Publication date: Wed, 17 Jan 2024 21:30:18 +0000