How a 'crypto drainer' tricked people into handing over $80 million in assets worldwide

Researchers have detailed how a scam campaign spoofed over a hundred cryptocurrency brands in the past year, stealing at least $80 million in assets from its victims' digital wallets.
The researchers warn that the software and its users still pose a danger to cryptocurrency owners everywhere.
Group-IB found that the Inferno Drainer user panel for cybercriminals was still active as of mid-January, despite the shutdown.
Inferno Drainer's track record also may serve as inspiration for a wave of new drainer malware, researchers said.
In particular, the cybercriminals placed the malware on websites disguised as official crypto token projects and promoted them on X and Discord.
On those websites, they also spoofed popular Web3 protocols such as Seaport, WalletConnect, and Coinbase to initiate fraudulent transactions.
Users who fell for these scams were willing to link their accounts to fake protocols because cybercriminals promised them financial gains - free tokens or rewards for minting non-fungible tokens, Group-IB said.
The lures seemed to be convincing, since every fraudulent transaction initiated by the drainer required the victim's consent.
Once connected to the victim's crypto wallet, the drainer checked for their most valuable assets - assets below $100 were ignored.
Group-IB detected over 16,000 unique domains linked to Inferno Drainer's phishing operations, with at least 100 individual crypto brands impersonated.
The scammers promoted their services through an English-language Telegram channel called Inferno Multichain Drainer, which has more than 10,000 subscribers as of this week.
Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine.
She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia.
She previously was a tech reporter for Forbes Ukraine.
Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.


This Cyber News was published on therecord.media. Publication date: Tue, 16 Jan 2024 17:45:06 +0000

