Malware, Threat Intelligence, Phishing
Massive FreeDrain cryptophishing campaign uncovered

More than 38,000 different subdomains have been used to host fraudulent cryptocurrency wallet websites on Amazon S3 and Azure Web Apps as part of the far-reaching FreeDrain cryptocurrency phishing campaign, reports The Hacker News.
Intrusions that were part of the campaign, believed to have been conducted by threat actors operating in the Indian Standard Time zone, involved poisoned search results for cryptocurrency wallet-related queries that redirected victims to fake cryptocurrency wallet sites designed to lure them into entering their seed phrases, which were later used to exfiltrate funds, according to findings from SentinelOne and Validin researchers. The attackers are also suspected of having used OpenAI's GPT-4o and other large language models to generate the text on the bogus websites. "By abusing dozens of legitimate services to host content, distribute lure pages, and route victims, FreeDrain has built a resilient ecosystem that's difficult to disrupt and easy to rebuild," said the researchers. The findings follow a Check Point Research report detailing the use of Discord to deliver the re-emerged Inferno Drainer drainer-as-a-service tool, which has been upgraded with sophisticated anti-analysis techniques.