Understanding the Menace of Crypto Drainers and How to Safeguard Your Digital Assets
Wallet or cryptocurrency drainers have emerged as a severe menace, employing diverse techniques such as campaign launches, deceptive websites, wallet connections, smart contract interaction, asset transfer, and obscuration to illegally transfer cryptocurrency from users' wallets.
Unmasking Crypto Drainers: A Stealthy Threat
A crypto drainer, or cryptocurrency stealer, is a malicious program designed to surreptitiously pilfer cryptocurrency from wallets. These programs operate by deceiving users into approving transactions, facilitating fund transfers without their knowledge or consent.
Scam Sniffer's Revelation: $59 Million Heist Unveiled
Anti-scam solutions provider Scam Sniffer uncovered a series of crypto drainer malware attacks, revealing the theft of approximately $59 million from 63,210 victims. The wallet drainer, named MS Drainer, was distributed through Google Search and X (formerly Twitter) ads, which redirected unsuspecting users to phishing pages.
Phishing Surge: Exploiting DeFi Keywords and Regional Targeting
Users innocently clicking on ads associated with common DeFi keywords became victims as these malicious ads evaded audits and utilized redirect deception. Thousands of phishing sites employing drainers were identified between March 2023 and today, with notable spikes in activity during May, June, and November.
Ad Platform Exploitation: Google Search and X Ads
Phishing sites were promoted in Google Search by exploiting Google's tracking template, while X ads were more prevalent, enticing users with NFT airdrops and new token launches on sites harboring drainers that stealthily siphon funds from users' wallets.
Dark Web Transactions: MS Drainer's Disturbing Availability
MS Drainer was offered on dark web forums and deviated from the norm: its source code was sold directly to customers, avoiding the typical 20% developer fee seen in other malware transactions.
CPR's Alarming Discovery: Blockchain Networks Under Siege
On December 22, Check Point Research (CPR) revealed a surge in sophisticated phishing attacks targeting various blockchain networks. Angel Drainer, a persistent threat, was linked to cyberattacks targeting Ethereum, Binance Smart Chain, Polygon, Avalanche, and nearly 20 other networks.
Luring Tactics: Fake Airdrops and Phishing Campaigns
Despite the shutdown of groups like Inferno Drainer, Angel Drainer continues its operations, creating fake airdrops and phishing campaigns that promise free tokens to lure users. After redirecting users to fraudulent websites, the attackers demand wallet connections, setting the stage for token theft.
Smart Contract Shenanigans: Unwitting Access to User Funds
Users interacting with smart contracts unknowingly grant attackers access to their funds, enabling token theft. Attackers exploit the permit function in ERC-20 tokens to transfer funds without leaving a trace on the blockchain, and they employ tactics like mixers and multiple transfers to liquidate the stolen assets.
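A permit is authorized by a typed-data signature rather than by a transaction the user sends, so the signing prompt is the place to check it. The following is an added example, not code from Scam Sniffer, CPR or this article: it reviews an EIP-712 signing request for the standard EIP-2612 Permit structure and flags risky terms. The allowlist, addresses, finding names and the one-hour deadline policy are assumptions made for illustration.

```javascript
// Added example: triage an EIP-712 signing request before a wallet signs it.
const MAX_UINT256 = (1n << 256n) - 1n;
const PERMIT_FIELDS = ["owner", "spender", "value", "nonce", "deadline"];
const MAX_DEADLINE_SECONDS = 3600n; // assumed policy: flag permits valid > 1 hour
// Hypothetical allowlist of spender contracts the user already trusts.
const TRUSTED_SPENDERS = new Set(["0x1111111111111111111111111111111111111111"]);

function reviewSigningRequest(typedData, nowSeconds, trusted = TRUSTED_SPENDERS) {
  const data = typeof typedData === "string" ? JSON.parse(typedData) : typedData;
  const declared = ((data.types || {})[data.primaryType] || []).map((f) => f.name);
  // EIP-2612 permits: primary type Permit carrying these five fields.
  const isPermit = data.primaryType === "Permit" &&
    PERMIT_FIELDS.every((name) => declared.includes(name));
  if (!isPermit) return { isPermit: false, findings: [] };

  const findings = ["TOKEN_ALLOWANCE"]; // signing grants spending rights
  const msg = data.message || {};
  let value, deadline;
  try {
    value = BigInt(msg.value);
    deadline = BigInt(msg.deadline);
  } catch {
    return { isPermit: true, findings: [...findings, "MALFORMED_AMOUNT_OR_DEADLINE"] };
  }
  if (value === MAX_UINT256) findings.push("UNLIMITED_VALUE");
  if (!trusted.has(String(msg.spender).toLowerCase())) findings.push("UNKNOWN_SPENDER");
  const remaining = deadline - BigInt(Math.floor(nowSeconds));
  if (remaining > MAX_DEADLINE_SECONDS) findings.push("LONG_DEADLINE");
  return { isPermit: true, findings };
}

// Constructed sample requests, shaped like eth_signTypedData_v4 payloads.
const NOW = 1700000000;
const permitTypes = { Permit: PERMIT_FIELDS.map((name) => ({
  name, type: name === "owner" || name === "spender" ? "address" : "uint256" })) };
const suspiciousRequest = {
  primaryType: "Permit", types: permitTypes,
  domain: { name: "ExampleToken", version: "1", chainId: 1,
    verifyingContract: "0x2222222222222222222222222222222222222222" },
  message: { owner: "0x3333333333333333333333333333333333333333",
    spender: "0x4444444444444444444444444444444444444444",
    value: MAX_UINT256.toString(), nonce: "0", deadline: String(NOW + 86400 * 365) },
};
const routineRequest = { ...suspiciousRequest, message: { ...suspiciousRequest.message,
  spender: "0x1111111111111111111111111111111111111111",
  value: "1000000", deadline: String(NOW + 600) } };

console.log(reviewSigningRequest(suspiciousRequest, NOW).findings.join(","));
console.log(reviewSigningRequest(routineRequest, NOW).findings.join(","));
```

Every Permit request is reported as a token allowance even when nothing else is flagged, because the signature alone is enough for the named spender to move tokens.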
Industry Recommendations: Fortifying Defenses Against Malicious Ads
CPR and Scam Sniffer advocate for the enhancement of verification processes on ad platforms to prevent the exploitation of services by malicious actors. Consumers and users are urged to exercise caution when opening links in online ads to mitigate the risk of falling victim to crypto drainer attacks.
COVER IMAGE BY MACROVECTOR ON FREEPIK | ARTICLE IMAGE BY SCAM SNIFFER