A Russian cybercrime gang called “Crazy Evil” is behind a new rash of social media phishing scams targeting crypto users.
The gang has been identified in a new cybersecurity threats report as the brains behind more than 10 sophisticated social media phishing scams that lure victims into downloading malware that steals their crypto. The scams reportedly make use of highly bespoke social engineering tactics to convince users to drop their guard and install malware such as Angel Drainer, Atomic mac OS Stealer, and StealC.
Providing an insight into the inner working of Crazy Evil, threat research outfit Insikt Group, which made the discovery, said in an announcement:
Crazy Evil’s operation is both vast and meticulous. Its six subteams — AVLAND, TYPED, DELAND, ZOOMLAND, DEFI, and KEVLAND — run bespoke scams targeting specific victim profiles. From phishing lures aimed at cryptocurrency influencers to malware payloads designed for cross-platform infection, the group’s tactics reflect an advanced understanding of cybersecurity loopholes.
According to Insikt, Crazy Evil’s capabilities extend across both Windows and mac OS, giving it a cross-platform advantage in compromising users, which marks out this gang as uniquely dangerous. Insikt also revealed that in addition to its sophisticated social engineering capability and cross-platform abilities, what marks out Crazy Evil is its explicit targeting of crypto holders with malware specifically designed to steal wallet keys and extract other information that may be used to compromise wallet security.
To mitigate for the sophistication of Crazy Evil malware attacks, users are encouraged to deploy endpoint detection and response solutions that actively scan for the presence of specific malware families linked to the gang, as well as web monitoring and filtering to block access to malicious domains controlled by Crazy Evil.
On Dec. 28, on-chain investigator Taylor Manahan flagged the existence of similar bad actors that used social engineering tactics such as fake Web3 job interviews to install malware on the devices of victims with a view to ultimately stealing their crypto wallet keys.
