$80M in Crypto Disappears into Drainer-as-a-Service Malware Hell

January 17, 2024 at 04:30PM

The “Inferno Drainer” phishing campaign siphoned over $80 million in cryptocurrency over a year. Impersonating 100 cryptocurrency brands, the attackers lured victims into authorizing the siphoning of their funds, and gained scale from an innovative “drainer-as-a-service” model. The attackers relied on brand impersonation and social media lures, and the infrastructure was available to rent. Vigilance and collaboration are key for defense.

Key takeaways:

1. The sophisticated phishing campaign “Inferno Drainer” siphoned more than $80 million in cryptocurrency from unwitting victims using an impersonation gambit, hosting phishing pages on over 16,000 unique domains from November 2022 to November 2023. It used a “drainer-as-a-service” model that was prominent in 2023.

2. The attackers used two levels of brand impersonation, creating malicious webpages that spoofed brands like Coinbase and Seaport to connect crypto wallets with the attackers’ infrastructure, thereby authorizing the malicious siphoning of funds.

3. To attract targets, the adversaries promoted the pages on social media sites and offered free “airdrops” and non-fungible token (NFT) minting as lures, while also spoofing dozens of companies that offer specific coins, tokens, or exchange services.

4. Under the rental model, the developers took a flat rate of 20% of stolen assets in exchange for use of the drainer. Cybercriminals could either upload the malware to their own phishing sites or rent the phishing infrastructure from the developers for a total of 30% of the stolen assets.

5. Cryptocurrency holders should remain vigilant and be cautious of websites promoting free digital assets or airdrops. Additionally, cryptocurrency brands should collaborate with law enforcement agencies and leverage cybersecurity solutions to monitor for signs of brand abuse on the Internet and promptly detect and block any threats that could lead to scams.

These key points summarize the major aspects of the Inferno Drainer campaign and the implications for both cryptocurrency holders and brands in combating this form of cybercrime.