14 August 2024

CryptoCore crypto scam drains over $5.4 million from users


A cybercrime group known as CryptoCore has orchestrated a sophisticated social media scam campaign, resulting in the theft of over $5.4 million worth of cryptocurrency assets. The group has employed a range of advanced techniques, including deepfake videos, hacked social media accounts, and professionally designed fake websites, to deceive users and drain their crypto wallets.

The group begins by hijacking social media accounts with large followings, which they then use to flood online platforms with comments, posts, and videos that appear to be from legitimate sources. These accounts often belong to well-known brands or personalities, adding a veneer of authenticity to their scams.

In a recent series of campaigns, CryptoCore exploited events such as Donald Trump’s presidential nomination, multiple SpaceX flights, and Apple's annual developer conference to attract victims.

The most common tactic involves convincing potential victims that these posts are official communications from trusted brands or famous individuals. The fraudulent communications direct users to fake websites that closely mimic legitimate ones, complete with "technical support" chat options and fabricated transaction systems, making the scam appear even more credible.

The group capitalizes on the public’s interest in these events, using them as a pretext to promote fake cryptocurrency investment opportunities. Victims are lured in by promises of quick and easy profits, often through limited-time "giveaway" offers that urge immediate action to avoid missing out.

The scammers prepare their deepfake content and fake websites well in advance, waiting for the right moment to conduct the attack. On the day of a major event, they modify the hijacked social media accounts to align with the theme of the event and flood the internet with their fraudulent content. This strategic timing ensures that their scams reach a large audience, as the hijacked accounts, with their significant followings, tend to dominate search results.

CryptoCore uses a variety of sophisticated tools and techniques to carry out their scams. The group reportedly employs a framework known as CryptoProject, which is available on hacker forums, to create landing pages and purchase services such as deepfake creation and account hijacking. Their campaigns often feature themes related to high-profile companies like SpaceX, MicroStrategy, and Tesla, with cryptocurrencies like Ethereum and Bitcoin being the primary targets.

To avoid detection, CryptoCore uses obfuscated JavaScript, manipulates cookies, and leverages Cloudflare protection. They also regularly change their tactics to exploit loopholes in automated anti-corruption systems.

An analysis of CryptoCore's activities over a six-month period revealed 1,200 crypto wallets linked to the group, with the most frequently used currencies being Ethereum, Bitcoin, Tether, and Dogecoin. These wallets had a turnover of around $5.4 million, Avast researchers said.

