Do you have a crypto portfolio? Be careful: fake ads are paying off for hackers, according to this new analysis


Mallory Delicourt

December 27, 2023 at 5:02 p.m.


Fake advertisements continue to lure many victims into hackers' nets © Clubic

ScamSniffer analysts discovered that malware known as MS Drainer allowed numerous hackers to steal more than $59 million from 63,210 victims in just nine months.

Awareness of phishing techniques has gained ground among the general public, but hackers keep finding inventive ways to get past the vigilance of the most vulnerable and even the most attentive. From a fake site to malicious software hidden in an advertisement or a seemingly harmless link, anything goes when it comes to obtaining information and money. Among the most sought-after victims are owners of digital wallets holding various cryptocurrencies.

Nearly $60 million stolen in less than a year

Many analytics companies relentlessly track hacking activities and various scams set up by hackers to steal money and data. This is how ScamSniffer discovered that, since March, malware called MS Drainer had been hidden within more than 10,000 phishing sites and related advertisements. Designed to drain funds from cryptocurrency wallets, MS Drainer allegedly allowed hackers to steal more than $59 million from 63,210 people since March.

By tracking this malware, analysts discovered that it was sold for around $1,500 by a certain “Pakulichev” or “PhishLab”. The seller takes a 20% commission on each haul and offers additional modules priced from 500 to 1000 dollars depending on needs. The study of blockchain activity linked to MS Drainer also shows that the biggest victim lost $24 million in Ethereum, and that other “big hits” siphoned from 440,000 to 1.2 million.

What is phishing anyway?

Phishing is a social engineering technique commonly used by attackers to trick people into disclosing sensitive information or installing malware.


Example of malicious ads after a Google search © ScamSniffer via BleepingComputer

MS Drainer: the devil is in the ads

As regular readers know, hackers are very inventive, whether breaking into a server, creating fake emails, or hiding malware in advertisements or on highly convincing fake sites. In most cases, one hacker designs and improves a program, then sells it or makes it available to other hackers.

This gives rise to real cybercriminal communities that are sometimes very difficult to dismantle. In the case of MS Drainer, the malware is hidden in a variety of advertisements promoted on Google through abuse of the ad campaign buying system. Victims notably arrived via Google searches for keywords such as Zapper, Lido, Stargate, DefiLlama or Orbiter Finance.

These fake links appear at the top of the page with a URL that appears to be official, but once you click, you land on the phishing site and the trap closes. On blue subscriber badge. Worse still, the ads are reportedly programmed to target only certain regions of the world, directing everyone else to the real, harmless sites.

Source: BleepingComputer


