International cybersecurity company Group-IB has reported on the current Inferno Drainer operation, which created more than 16 thousand fraudulent domains from 2022 to 2023.
Attackers utilized high-quality phishing pages to lure users into connecting their cryptocurrency wallets to the scammers’ infrastructure. Simultaneously, victims were deceived into authorizing transactions through the use of fake web3 protocols.
From November 2022 to November 2023, Inferno Drainer illegally earned over $87 million by deceiving more than 137,000 victims. This malware kit is one of a broader range of similar products offered under the Drainer-as-a-Service (DaaS) model, with affiliates receiving 20% deductions.
Inferno Drainer customers could either deploy the malicious software on their own phishing sites or have the developers create and host such sites for them, with the latter sometimes yielding 30% of the stolen assets.
An analysis of 500 of these malicious domains revealed that the JavaScript-based malware was initially hosted on GitHub and later embedded directly in the websites. These sites were subsequently spread through platforms like Discord and X, a popular website where users publish public messages and communicate with others. X has a large global audience and ranks among the top 10 most visited sites.
It is worth mentioning that X is prohibited in the territory of the Russian Federation due to repeated violations of legislation.