Heimdal™ Security Discovers New Cryptocurrency Scam Campaign
Quote:

Our Algorithms and Analysts have Investigated and Found New Infected Domains from the Same Campaign.

The past year has been a significant one for cryptocurrencies and blockchain. In the face of such extremity and economic meltdowns, cryptocurrencies have proven to be remarkably resilient. Fortunately, the rapid increase in accessibility of global high-speed Internet and digitization has created a ripe environment for digital currency.

On the other side, it started a new source of income for the scammers. Fraudsters target social media and messaging platform users with a scam centered on a fake cryptocurrency exchange and using the lure of free Bitcoin or Ethereum cryptocurrency to steal money and personal data.

We have previously warned our readers about cryptocurrency scams and advised them on how to safely invest in cryptocurrency from a security standpoint.

New Cryptocurrency Scam Campaign Detected

After successfully discovering a complex phishing cryptocurrency scam campaign last month, this time around Heimdal™ Security tracked down a cryptocurrency scam campaign that started 4 months ago. Since then, our algorithms and analysts have studied and found new infected domains from the same campaign.

The domains are hosted on the following IP addresses:
  • 111.174.155 – UA
  • 214.124.44 – RU
  • 121.14.70 – UA
Our team was able to track them in Seychelles, Iceland, Ukraine, and Russia.

How It Works

This type of cryptocurrency scam lures victims on Discord’s cryptocurrency servers by sending a private message that looks like an ad for a genuine up-and-coming trading platform giving away cryptocurrency. In reality, it deploys social engineering tactics to drive sign-ups.

Once you click on the phishing link they provide, you will be redirected to a website and asked to enter personal information, such as passwords, credit card numbers, or bank account details. In worse situations, malware will start to download as soon as the link is clicked.

Although these types of websites look genuine, and appear fully operational, in reality, scammers are buying already implemented templates from professional web designers. You can add the promo codes, transfer fake balances to other users, reset your password, etc.

The tricky part comes when you want to withdraw your money to your personal wallet. It would say that you need to deposit a certain amount of BTC/ETH to verify your account. The amount asked will be very little compared to the fake prize.

How to Stay Safe

Is your business running cryptocurrency transactions? Here’s some advice on how to improve overall security:
  1. Check data breach websites to see if your data has been leaked. You can do so at https://haveibeenpwned.com/
  2. Always keep your software updated;
  3. Don’t download files from unknown sources;
  4. Keep your seed phrase safe;
  5. Activate two-factor authentication (2FA).
While it’s always a good idea to beef up your online security, now more than ever you should take the time to review your cybersecurity habits. I know it’s convenient to trade or buy crypto on the fly, but sloppy practices usually result in compromised personal data.

To this end, I would advise you to conduct every transaction from a secured endpoint. Endpoint security solutions can help prevent data leaks associated with crypto-specific malware. Heimdal™ Security Threat Prevention Endpoint can sanitize your workstations, clear out malicious packets that may be hidden in DNS traffic, detect processes associated with crypto-mining operations, and much more.
...