A cybercrime group named GreedyBear has stolen greater than $1 million in cryptocurrency by combining a number of forms of scams, in keeping with an August 7 report from Koi Safety.
Researcher Tuval Admoni acknowledged that the group has moved past typical scams and is working at a a lot bigger scale.
Whereas many attackers concentrate on one technique, comparable to phishing web sites or faux browser add-ons, GreedyBear spreads faux browser extensions, builds convincing rip-off web sites, and makes use of dangerous software program to steal info from crypto customers.
Do you know?
Subscribe – We publish new crypto explainer movies each week!
Learn how to Create an NFT: Best Approach (Animated Explainer)
Koi Safety discovered greater than 150 of those faux add-ons on the Firefox extension retailer. They copied the looks of crypto wallets like MetaMask, TronLink, Exodus, and Rabby Pockets.
To keep away from getting caught, GreedyBear first uploads a innocent model of the extension to move retailer checks. After it’s authorised and will get good critiques, they replace it to incorporate code that may steal customers’ pockets particulars.
Admoni stated, “These faux instruments gather login particulars from customers by pretending to be actual pockets interfaces”.
The report additionally defined that GreedyBear has constructed over 650 separate instruments that concentrate on individuals who use crypto wallets. Moreover, the group runs faux web sites that seem like exchanges or buyer help pages. Additionally they use malware to vary pockets addresses or steal copied information throughout transactions.
Admoni acknowledged within the report:
Most teams choose a lane, possibly they do browser extensions, or they concentrate on ransomware, or they run rip-off phishing websites. GreedyBear stated, ‘Why not all three?’ And it labored. Spectacularly.
Just lately, cybersecurity agency CTM360 reported that scammers are working a marketing campaign referred to as “ClickTok”. What’s it? Learn the complete story.
