- Inferno Drainer’s year-long phishing scheme targeted cryptocurrency users, resulting in $87M in illicit profits and over 137,000 victims globally.
- The scam-as-a-service model adopted by Inferno Drainer introduced a new revenue model in cybercrime, allowing affiliates to profit from the malware.
- Inferno Drainer’s sophisticated drainer malware spoofed over 100 cryptocurrency brands, highlighting the evolving threat landscape and the need for heightened security measures.
Inferno Drainer, a notorious name in the realm of cybercrime, operated a sophisticated scheme from November 2022 to November 2023. This operation, masterminded by anonymous operators, established over 16,000 unique malicious domains. These domains were the cornerstone of a phishing scam that targeted cryptocurrency users, resulting in significant financial losses for victims worldwide.
The Mechanics of the Phishing Scheme
The strategy deployed by Inferno Drainer involved the creation of high-quality phishing pages. These pages were ingeniously designed to mimic legitimate cryptocurrency platforms, thereby deceiving users into connecting their digital wallets to the attackers’ infrastructure. The underlying mechanism exploited Web3 protocols, leading victims to unwittingly authorize transactions that drained their assets.
Financial Impact and Victim Count
Over its year-long activity, Inferno Drainer amassed more than $87 million in illicit profits, exploiting over 137,000 unsuspecting victims. This staggering figure underscores the scale and effectiveness of their operation.
Drainer-as-a-Service: A New Cybercrime Model
A significant aspect of Inferno Drainer’s operation was its adoption of a scam-as-a-service model. This business model allowed affiliates to utilize the malware in exchange for a 20% commission on the earnings. This approach not only facilitated the widespread distribution of the malware but also introduced a new revenue model in the cybercriminal ecosystem.
Additional Services Offered by Inferno Drainer
Inferno Drainer provided comprehensive services to its customers. These included the option to upload the malware onto their own phishing sites or to utilize the developer’s services for creating and hosting these sites. The latter option varied in cost, sometimes requiring no additional fee or charging up to 30% of the stolen assets.
Technical Analysis of the Malware
Group-IB’s analysis revealed intricate details about the malware’s operation. The JavaScript-based drainer, initially hosted on a GitHub repository, was embedded directly into the phishing websites. This approach made detection and prevention more challenging for users and cybersecurity professionals alike.
Spoofing Cryptocurrency Brands
In a compelling demonstration of its technical prowess, Inferno Drainer spoofed over 100 cryptocurrency brands. The attackers created specialized pages hosted on the malicious domains, deceiving users by their authentic appearance.

Dissemination and Entrapment Tactics
The dissemination strategy of Inferno Drainer was multifaceted. Platforms like Discord and X (formerly Twitter) were used to spread these malicious sites. The lure often involved the promise of free tokens or airdrops. Once a user engaged with these sites and connected their wallets, the malware would drain their assets upon transaction approval.
Masquerading as Legitimate Protocols
Inferno Drainer cleverly used script names like seaport.js, coinbase.js, and wallet-connect.js to masquerade as popular Web3 protocols. This tactic was crucial in deceiving users into authorizing transactions that were, in fact, unauthorized withdrawals from their wallets.
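The transactions described above succeed only because the victim signs an approval that hands control of their tokens to the attacker's contract. As an added example (not code from the article or from Group-IB), the following wallet-side check inspects an eth_sendTransaction request before signing and flags the unlimited token approvals a drainer page relies on; the two function selectors are the standard ERC-20/ERC-721/ERC-1155 values, and the spender address in the sample request is a constructed placeholder, not a real indicator.

```javascript
// Added example (not the article's or Group-IB's code): assess an eth_sendTransaction
// request before the user signs it, flagging the token approvals a drainer page
// relies on. Selectors are the first 4 bytes of keccak256 of the function signature;
// these two are the well-known ERC-20/ERC-721/ERC-1155 values.
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",        // ERC-20 / ERC-721 single approval
  "a22cb465": "setApprovalForAll(address,bool)", // ERC-721 / ERC-1155 operator approval
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Split ABI-encoded calldata into a 4-byte selector and 32-byte argument words.
function parseCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (hex.length < 8 || hex.length % 2 !== 0) throw new Error("malformed calldata");
  const words = [];
  for (let i = 8; i + 64 <= hex.length; i += 64) words.push(hex.slice(i, i + 64));
  return { selector: hex.slice(0, 8), words };
}

const wordToAddress = (w) => "0x" + w.slice(24); // address is right-aligned in the word

// `tx` is the {to, value, data} object a dApp passes to the wallet; `trusted` is a
// Set of lowercase spender/operator addresses the user has deliberately approved before.
function assessTransaction(tx, trusted = new Set()) {
  if (!tx.data || tx.data === "0x") return { risk: "low", reason: "plain value transfer" };
  const { selector, words } = parseCalldata(tx.data);
  const fn = SELECTORS[selector];
  if (!fn) return { risk: "info", reason: `unrecognised selector 0x${selector}` };
  if (words.length < 2) throw new Error("truncated arguments for " + fn);
  const spender = wordToAddress(words[0]);
  const known = trusted.has(spender);
  const arg = BigInt("0x" + words[1]);
  if (fn.startsWith("approve")) {
    if (arg === MAX_UINT256 && !known) return { risk: "high", fn, spender, reason: "unlimited approve to unknown spender" };
    return { risk: known ? "low" : "medium", fn, spender, reason: `approve ${arg} to ${spender}` };
  }
  // setApprovalForAll: a true flag hands every token in the collection to the operator.
  if (arg === 1n && !known) return { risk: "high", fn, spender, reason: "setApprovalForAll to unknown operator" };
  return { risk: "low", fn, spender, reason: arg === 1n ? "operator already trusted" : "approval revoked" };
}

// Constructed sample: the kind of request a phishing page would send after
// "connect wallet"; the spender address is a placeholder, not a real indicator.
const SPENDER_WORD = "0".repeat(24) + "d".repeat(40);
const SAMPLE_DRAIN_TX = { to: "0x" + "1".repeat(40), value: "0x0",
  data: "0x095ea7b3" + SPENDER_WORD + "f".repeat(64) };
console.log(assessTransaction(SAMPLE_DRAIN_TX)); // risk: "high"
```

A wallet or browser extension would run this check on every signing prompt and surface the "high" result to the user before the approval is broadcast.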
Evolving Threat Landscape: The Rise of Cryptocurrency Drainers
The successful operation of Inferno Drainer has set a precedent in the cybercriminal world. Experts predict a surge in similar operations, with 2024 being potentially labeled as the “year of the drainer.” This prediction underscores the need for heightened security measures in the cryptocurrency domain.
The Future of Cybercrime: Service-Based Operations
The ‘X as a service’ model, exemplified by Inferno Drainer, is likely to continue thriving. This model offers an accessible entry point for individuals with limited technical expertise to partake in cybercriminal activities. Additionally, for developers, it presents a lucrative avenue for revenue generation.
Conclusion
The cessation of Inferno Drainer’s activities marks a significant event in the realm of cryptocurrency security. However, the legacy of this operation serves as a stark reminder of the ongoing risks faced by cryptocurrency holders. The sophistication and success of such drainers are likely to inspire the development of new, more advanced malware.
Disclaimer
The information provided in this article is for informational purposes only and should not be considered financial advice. The article does not offer sufficient information to make investment decisions, nor does it constitute an offer, recommendation, or solicitation to buy or sell any financial instrument. The content is the opinion of the author and does not reflect any view, suggestion, or advice of any kind from CryptoNewsBytes.com. The author declares that he does not hold any of the above-mentioned tokens and has not received any incentive from any company.