
Phishing attack hits Coinbase: crypto wallets drained


Thanks to the work of researchers at Group-IB, it was possible to identify cybercriminals who, by impersonating Coinbase and using malware, managed to drain the crypto wallets of numerous victims.

To do so, the cybercriminals used extremely convincing phishing pages, specifically designed to push users into giving up their wallet access data.

From what has emerged, the cybercriminals started the campaign in November 2022, relying on a MaaS (Malware-as-a-Service) offering named Inferno Drainer. The term "drainer" is not used by chance: the goal of the malicious actor is precisely to drain crypto wallets, also stealing NFTs and similar assets.

The MaaS system linked to Inferno Drainer offers criminals 20% of the profits obtained from the use of the malware, thus attracting a large number of bad actors. Affiliates, therefore, must somehow convince potential victims to connect their wallets to the attackers' infrastructure.

In this specific campaign, that was done through the aforementioned phishing pages, which led users to believe they were interacting with Coinbase.

Phishing sites and Inferno Drainer: the campaign targeting Coinbase has claimed more than 130,000 victims

According to data held by Group-IB, the attack that abuses Coinbase is considered large-scale.

The researchers have identified more than 16,000 distinct domains linked to Inferno Drainer activity. According to the information collected, several cybercrime groups are probably involved in this operation.

Typically, the attacks convince the victim that they have received an airdrop. This term refers to a new project that developers promote by distributing tokens. The tokens are offered free of charge, in exchange for certain actions that bring visibility to the project itself.

For the cybercriminals, the pretext of a phantom airdrop attracted the interest of potential victims, making it easier to attack their wallets. The abuse of the Coinbase name, specifically, appears to have reached enormous numbers: more than 130,000 victims, with a total haul that would exceed 80 million dollars.
