How did Inferno Drainer help cybercriminals steal over $80 million in cryptocurrency?

Key Takeaways

• Infernal Absorber Refinement: Inferno Drainer, a fraud-as-a-service malware, demonstrated an extraordinary level of sophistication in the way it operated. Developers have provided cybercriminals with a user-friendly platform with customization options and real-time statistics on stolen assets, making it a powerful tool in the arsenal of digital criminals.
• Deceptive bait and social media promotions: Inferno Drainer lured victims by offering tempting lures, including promises of free tokens, NFT mining opportunities, and compensation for disruption caused by cybercrime. They aggressively promoted phishing pages on social media platforms, leveraging the trust and curiosity of potential victims.
• Web3 Protocol Spoofing: What set Inferno Drainer apart was its ability to impersonate the popular Web3 protocol used for secure digital asset trading. This allowed them to connect to a self-managed cryptocurrency wallet and trick victims into authorizing malicious transactions. There is an added trick to using malicious JavaScript code.
• Constant vigilance is important. Inferno Drainer ended in November 2023, but maintaining its reputation throughout the year highlights the ongoing threat of cryptocurrency scams. Group-IB’s warning emphasized the importance of vigilance to cryptocurrency holders, urging them to check the legitimacy of websites and immediately report any suspicious activity to law enforcement to effectively combat cybercrime.

In a shocking revelation, cybersecurity firm Group-IB has uncovered the dark underbelly of the digital world by exposing a sophisticated and highly profitable as-a-service fraud operation that has wreaked havoc in the cryptocurrency space throughout 2023. Inferno Drainer The virus has become a formidable adversary in the war against cybercrime, leaving a trail of more than US$80 million in stolen digital assets in its wake.

The Birth of the Inferno Drainer

Inferno Drainer, officially known as Inferno Multichain Drainer, burst onto the scene in November 2022 when its developers revealed their malicious creation on a Telegram channel. This nefarious software is offered for hire to cybercriminals as part of a Scam-as-a-Service model, a tool that can loot unsuspecting victims’ cryptocurrency wallets and authorize transactions in the blink of an eye. provided.

Fraud-as-a-Service Model

Inferno Drainer’s developers have run a customer panel that allows cybercriminals to customize the malware’s functionality and provide key statistics on ill-gotten gains. In a brazen business model, developers would charge a flat fee for 20% of stolen assets, with the remaining 80% going to users. Those looking to utilize Drainer can either upload it to their own phishing site or utilize developer services to create and host their own phishing website. In some cases, this service was provided free of charge, while in other cases, managers were required to take a 30% cut of the stolen assets.

One of Inferno Drainer’s key features was its ability to impersonate over 100 cryptocurrency brands across over 16,000 unique domains, making it a massive threat to anyone active in the cryptocurrency industry. Group-IB said it had notified the brand about the malicious use of its name and image in line with its zero-tolerance policy against cybercrime.

deceptive bait

Promoted on social media platforms such as X (formerly Twitter) and Discord, Inferno Drainer’s phishing page provided potential victims with an irresistible lure. Offering free tokens through airdrops, opportunities to mint NFTs, and compensation for downtime caused by cybercrime lured unsuspecting users into the malicious web. Once lured, victims are prompted to link their wallet, unknowingly taking the scam to the next level.

Web3 Protocol Spoofing

What made Inferno Drainer different from other scams was its ability to spoof the popular Web3 protocol, which is designed to facilitate secure and efficient transactions of digital assets. Malicious JavaScript code disguised as well-known Web3 protocols, including Seaport, WalletConnect, and Coinbase, was embedded in phishing websites to initiate malicious transactions. Some sites contain multiple scripts that impersonate various Web3 protocols, all of which can be accessed by scammers through separate ZIP files hosted on GitHub repositories or file sharing sites.

Fallout and warning from Group-IB

Despite the daring operation, Inferno Drainer’s reign of terror ended with the announcement of its closure in November 2023. But the damage has already been done, with more than $80 million worth of digital assets stolen, making it the leading cryptocurrency leaker of 2023.

Andrey Kolmakov, Head of the High-Tech Crime Investigation Department at Group-IB, emphasized that phishing attacks are becoming increasingly sophisticated, making cryptocurrency holders increasingly vulnerable. Kolmakov urged cryptocurrency holders to be cautious, warning them not to be fooled by websites promoting free digital assets or airdrops.

Group-IB’s recommendations

Group-IB’s investigation into Inferno Drainer concludes with a series of recommendations to protect digital asset holders. They advise to only trust legitimate websites like those listed on CoinMarketCap for trading. Additionally, victims of cryptocurrency crime are urged to save phishing URLs and related data and share that information with local law enforcement agencies to bring cybercriminals to justice.

In an ever-evolving cybersecurity threat landscape, Inferno Drainer serves as a stark reminder of the dangers lurking in the digital world. As cybercriminals continue to devise increasingly sophisticated schemes, the onus is on individuals and organizations to remain vigilant and take the necessary steps to protect their digital assets.

Also Read: Crypto Industry Has Lost Over $1.3 Billion YTD Due to Hacks and Frauds, Immunefi Report Reveals.