Malware, Threat Intelligence, Phishing

Massive FreeDrain cryptophishing campaign uncovered

More than 38,000 different sub-domains have been utilized to host fraudulent cryptocurrency wallet websites on Amazon S3 and Azure Web Apps as part of the far-reaching FreeDrain cryptocurrency phishing campaign, reports The Hacker News.

Intrusions that were part of the campaign, believed to have been conducted by threat actors operating in the Indian Standard Time timezone, relied on malicious search results for cryptocurrency wallet-related queries, which redirected to fake cryptocurrency wallet sites that lure targets into entering their seed phrases, later used for fund exfiltration, according to findings from SentinelOne and Validin researchers. Attackers were also suspected of having leveraged OpenAI's GPT-4o and other large language models to produce the text on the bogus websites. "By abusing dozens of legitimate services to host content, distribute lure pages, and route victims, FreeDrain has built a resilient ecosystem that's difficult to disrupt and easy to rebuild," said researchers. Such findings follow a Check Point Research report detailing the use of Discord to facilitate the delivery of the reemergent Inferno Drainer drainer-as-a-service tool, which has been improved with sophisticated anti-analysis techniques.
