Operators and affiliates of cryptocurrency drainers have shifted to using high-reputation domains for illicit activity, while re-registering domains that were legitimate and using sophisticated fingerprinting in a bid to better evade detection, reports Cybernews.

Despite the continued prevalence of brute-force intrusions among less knowledgeable attackers, others have sought to exploit compromised accounts, instead of proprietary Google Ads accounts, for direct malvertising campaigns that could be targeted at certain regions, a report from the Security Alliance showed.

Most prolific of all crypto draining operations was Inferno Drainer, which has employed a renamed secureproxy in some deployments to avert fingerprint-based analysis. Meanwhile, the nascent Eleven Drainer was discovered to have touted a sports car giveaway for its leading affiliate.

"This indicates that the drainer operators and affiliates are continuously refining their techniques to evade automation, and that further investigation is required," said SEAL researchers.