Crazy Evil, a Russian-speaking cybercrime group, is behind multiple social media scams aimed at stealing cryptocurrency and other digital assets. The group uses a range of malware and social engineering techniques to redirect users to phishing websites, causing significant financial losses.
Affected: cryptocurrency community, financial sector, digital asset users
Key points:
- Crazy Evil is a notorious Russian-speaking cybercrime group involved in social media scams.
- The group employs malware like StealC, Atomic macOS Stealer (AMOS), and Angel Drainer targeting Windows and macOS users.
- Operates a traffer network that redirects legitimate traffic to phishing sites.
- Has been active since at least 2021, mainly operating on Telegram.
- Utilizes various scams, including fake job offers and investment schemes, leading to over million in illicit revenue.
- Divided into sub-teams focusing on specific scams targeting cryptocurrency users.
- Shared infrastructure with other threat groups using Traffic Distribution System (TDS) tagged TAG-124.
- Malware distribution tactics include utilizing reputable platforms like GitHub for malware delivery.
MITRE Techniques:
- T1583: Acquire Infrastructure – Crazy Evil operates a traffer network and manages Telegram channels for communication.
- T1203: Exploit Public-Facing Application – Traffers redirect legitimate traffic to phishing websites.
- T1071: Application Layer Protocol – Use of Telegram to manage phishing operations and malware distribution.
- T1070: Indicator Removal on Host – Employs social engineering tactics to disguise malware as legitimate software.
- T1204: User Execution – Utilizing spear-phishing lures targeting cryptocurrency users.
Indicators of Compromise:
- [URL] https://easy4hub.blogspot.com
- [Domain] telegram.org
- [Domain] Voxium.com (implied in job offer scam)
- [Domain] SeleniumFinance.com (implied in digital asset management scam)
- [Domain] Gatherum.com (implied in AI virtual meeting scam)