The Inferno Drainer [1] [2] [3] [4] [5] [6] [7] [8] [9], a crypto-draining malware [6], gained notoriety from November 2022 to November 2023 for its large-scale crypto scam. It stole over $87 million from more than 137,000 individuals.

Description

The operation ran on a “scam-as-a-service” model in which affiliates kept their earnings minus a 20% cut taken by the operators [6] [9]. Group-IB Global Pvt Ltd, a cybersecurity services company, uncovered over 16,000 malicious domains associated with the Inferno Drainer scam [2]. The fraudsters impersonated more than 100 cryptocurrency brands and used phishing domains to deceive victims into authorizing fraudulent transactions [5]. In particular, they posed as Coinbase and employed social engineering tactics to trick victims into connecting their wallets to the attackers’ infrastructure. By spoofing popular Web3 protocols such as Seaport [3] [5], WalletConnect [3] [4] [5] [7] [8], and Coinbase [3] [4] [5] [7] [8], they initiated unauthorized transactions and drained funds from over 130,000 victims, for a total of $80 million stolen [1]. The operation also lured victims with promises of an airdrop or free tokens for minting new NFTs. The group offered affiliates a customer panel that allowed them to customize malware features and track stolen assets [2]. Although the operation was allegedly shut down in November 2023 [3] [7], the control panel remained active through December and was still active as of mid-January this year.

Conclusion

Experts warn that new drainers are likely to follow and that the number of websites hosting malicious scripts masquerading as Web3 protocols is expected to rise, even though the Inferno Drainer itself has ceased operations [8]. Group-IB's report on the operation found that it used 16,000 phishing domains and stole $80 million from crypto users since March 2023 [7]; the company warns cryptocurrency holders to remain vigilant against phishing attacks [2]. Although the operation was shut down in November 2023, the threat has not gone away, as its past users may have moved on to other schemes [7]. The operation targeted crypto users through phishing sites impersonating popular brands such as Seaport [7], WalletConnect [3] [4] [5] [7] [8], and Coinbase [3] [4] [5] [7] [8], tricking users into linking their accounts in exchange for fake financial rewards and then conducting fraudulent transactions [7]; it also created and hosted websites that appeared to be official crypto projects [7]. Group-IB warns that similar malware threats continue to evolve in the crypto ecosystem, emphasizing the need for increased vigilance and security measures [7]. Cryptocurrency holders should remain vigilant against similar scams, verify the legitimacy of websites before connecting their wallets, and use security tools to detect and block phishing attempts [6]. Ongoing education and awareness about phishing tactics and online security are crucial, and cryptocurrency platforms and users should implement robust security measures to protect against such schemes [6].

References

[1] https://www.techradar.com/pro/security/this-devious-malware-pretends-to-be-coinbase-but-really-its-just-draining-all-your-accounts
[2] https://siliconangle.com/2024/01/16/group-ib-uncovers-16000-malicious-domains-used-inferno-drainer-crypto-scam/
[3] https://alexablockchain.com/how-inferno-drainer-siphon-80m/
[4] https://www.hackread.com/inferno-drainer-phishing-scammers-crypto-wallets/
[5] https://www.infosecurity-magazine.com/news/inferno-drainer-spoofs-100-crypto/
[6] https://news.cloudsek.com/2024/01/cryptocurrency-scam-inferno-drainer-rakes-in-87-million-targets-137000-victims/
[7] https://www.tradingview.com/news/cryptobriefing:7c2ab5cb7094b:0-inferno-drainer-crypto-scam-still-a-threat-despite-previous-shut-down-report/
[8] https://www.techtimes.com/articles/300671/20240116/inferno-drainer-malware-siphoned-87-million-november-2022-2023.htm
[9] https://thehackernews.com/2024/01/inferno-malware-masqueraded-as-coinbase.html