Inferno malware drains Coinbase of $87m from 137k victims

Jan 17 2024

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that treats cybercriminals like the tories treats the Post Office victims ????

 Today’s hottest cybersecurity news stories:

  • ???? Inferno malware drains Coinbase of $87m from 137k victims ????

  • ???? 3 #ransomwherearetheynow newcomers to watch in 2024 ????

  • ???? Cyber-seding every other threat to business in 2024 ????

Infernoooooooooooooo ????????????


???? Inferno Drainer: A Year of Deception and $87 Million in Illicit Gains

A recent report by cybersecurity firm Group-IB reveals the alarming operations of the now-defunct Inferno Drainer, which wreaked havoc from November 2022 to November 2023. ???? The malicious scheme involved creating over 16,000 unique domains in a year, generating high-quality phishing pages to dupe users into connecting their cryptocurrency wallets.

The attackers exploited Web3 protocols, tricking victims into authorising transactions and amassing a staggering $87 million in illicit profits from over 137,000 victims. ???? Operating under the scam-as-a-service model, affiliates received a 20% cut of the earnings, with options to upload the malware to their phishing sites or use the developer’s service for a fee.

Notably, Inferno Drainer impersonated over 100 cryptocurrency brands via specially crafted pages hosted on the extensive network of domains. ???? Further analysis revealed that the JavaScript-based drainer, initially hosted on GitHub repositories, evolved to directly incorporate websites.

The attackers, using enticing names like seaport.js and coinbase-wallet-sdk.js, infiltrated platforms like Discord and X, tempting victims with promises of free tokens and draining their assets upon transaction approval. ???? Group-IB warns of the ‘X as a service’ model thriving, providing opportunities for less tech-savvy individuals to enter cybercrime.

Despite the cessation of Inferno Drainer’s activities, Group-IB emphasises the persistent threat to cryptocurrency holders, foreseeing a potential surge in malicious scripts spoofing Web3 protocols in 2024. ????????️


Signup for Free


Learn AI in 5 minutes a day. We’ll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

New Kids On The Block ????????????

???? Ransomware Rampage: 55.5% Surge in 2023 with 4,368 Cases Worldwide

Hold on tight as we take you through the rollercoaster of the ransomware world in 2023, witnessing a staggering 55.5% surge in victims worldwide, totaling a jaw-dropping 4,368 cases. ???? The year showcased a resilient comeback, following a brief dip in 2022, propelling both existing and new ransomware groups into the spotlight.

In this thrilling ransomware ride, LockBit 3.0 maintained its supremacy, orchestrating 1,047 victims through high-profile attacks like Boeing and Royal Mail. AlphV and Cl0p trailed with 445 and 384 victims, respectively, in 2023. ???? Yet, these three weren’t the lone players; emerging gangs like 8Base, Rhysida, 3AM, Malaslocker, BianLian, Play, and Akira contributed to the ransomware boom.

???? 3AM, a Rust-coded ransomware, made its debut in 2023, impacting over 20 organisations, mainly in the USA. What sets them apart? A LockBit affiliate switched to 3AM when blocked, hinting at potential future appearances. ????️‍♂️ 3AM’s unusual choice of outdated PHP scripts adds a layer of unpredictability, possibly for obscurity, simplicity, or overconfidence.

???? Rhysida, a standout in May/June 2023, gained attention for a victim support chat portal and public disclosures of stolen Chilean Arm documents. They targeted healthcare institutions, government agencies, and even caused a technology outage at the British Library. The diverse range of industries they infiltrated showcases their broad impact.

???? Akira Group, discovered in March 2023, claims 81 victims to date. Intriguingly linked to Conti, Akira operates a ransomware-as-a-service model, impacting both Windows and Linux systems. Their exploitation of compromised VPN credentials highlights the importance of multi-factor authentication. As they continue to grow, the ransomware industry braces for their potential dominance.

???? The ransomware industry’s rise shows no signs of slowing down, with new players expected to join the ranks alongside established groups. Cyberint’s 2023 Ransomware Report dives deep into the industries, countries, and tactics targeted, highlighting the evolving landscape and forecasting what 2024 may hold. ????????

???? Catch of the Day!! ????????????

???? The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can’t get fooled again.” Good ol’ George Dubya ???? Let us tell who’s not fooling around though; that’s the Crüe ???? at Motley Fool. You’d be a fool (alright, enough already! ????) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ???? Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ???? (LINK)

???? Wander: Find your happy place. Cue Happy Gilmore flashback ????️⛳????????️ Mmmm Happy Place… ???? So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ????️???? (LINK)

???? Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ???????? (Great movie, to be fair ????). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty ????). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho ???? And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ???? (LINK)

We’re cyber-serious about this, folks ????

???? Cybersecurity Takes Center Stage in Allianz Risk Barometer

In a recent report by Allianz, cyber events have surged to the top of U.S. businesses’ worry list, edging out business interruption as the primary concern. ???? This global trend persists for the third consecutive year, indicating a growing fear of cyber threats both in the U.S. and worldwide.

The report, based on insights from 3,069 risk management experts across 92 countries, reveals a rising apprehension about the increasing sophistication of cybercriminals and state-linked actors surpassing industry defence capabilities. ???? Ransomware, data breaches, and attacks on critical infrastructure are seen as potential disruptors for major businesses.

Scott Sayce, Global Head of Cyber at Allianz Commercial, highlights the emerging threat landscape, stating that cybercriminals are leveraging technologies like generative artificial intelligence for more potent and accelerated attacks.

Data breaches top the list of global cyber concerns, with 3 in 5 respondents expressing worry, followed by attacks on critical infrastructure at 53%. The report emphasises ongoing challenges, including a shortage of qualified cyber professionals, lax cybersecurity in the mobile space, and vulnerabilities among small businesses relying on outsourced security services. ????????

????️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20 year veteran ‘Wealthy Primate’ might be able to help you climb that tree ???????? with his stick and banana approach ????????

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles