January 16, 2024 at 03:45AM
The now-defunct Inferno Drainer created over 16,000 malicious domains, scamming over $87 million from 137,000 victims by spoofing Web3 protocols. Affiliates could use the malware for phishing, draining 30% of stolen assets in some cases. The cybercrime spoofed over 100 cryptocurrency brands with specially crafted pages and was active throughout 2023.
From the meeting notes, the key takeaways are:
– The Inferno Drainer operated from November 2022 to November 2023, scamming over 137,000 victims and reaping over $87 million in illicit profits by creating over 16,000 unique malicious domains.
– The scheme leveraged high-quality phishing pages to trick users into connecting their cryptocurrency wallets with the attackers’ infrastructure, spoofing Web3 protocols to authorize unauthorized transactions.
– The malware is part of a broader set of offerings available under the scam-as-a-service model, with customers able to either upload the malware to their own phishing sites or make use of the developer’s service for creating and hosting phishing websites.
– Analysis by Group-IB revealed that the malware spoofed upwards of 100 cryptocurrency brands via specially crafted pages hosted on the unique domains. The activity masqueraded as popular Web3 protocols like Seaport, WalletConnect, and Coinbase to complete unauthorized transactions.
– Inferno Drainer’s phishing websites had features to hide their scripts and illegal activity from their victims, such as preventing the opening of website source code using hotkeys or right-clicking on the mouse.
– While Inferno Drainer may have ceased its activity, its prominence throughout 2023 highlights the severe risks to cryptocurrency holders as these types of threats continue to develop further.
Feel free to let me know if you need any further assistance or a summary of a different portion of the notes.