Unit 42 researchers have uncovered a widespread campaign distributing fraudulent cryptocurrency investment platforms through websites and mobile applications. The operation impersonates well-known brands to lure victims, particularly in East Africa and Asia. By combining multi-level affiliate programs with unrealistic promises of high returns, the campaign closely resembles a Ponzi scheme. Affected: users of cryptocurrency investment platforms, chiefly in East Africa and Asia
Key points :
- Campaign discovered distributing fraudulent crypto investment platforms via websites and mobile apps.
- Threat actors impersonate popular brands to attract victims.
- Domain registration patterns suggest a single actor that relies heavily on Singapore-based registrations.
- Scammers target users from East Africa and Asia using large Telegram channels.
- Platforms make unrealistic claims about investment returns, akin to Ponzi schemes.
- Multi-level affiliate programs incentivize recruitment of new users.
- Distribution primarily occurs through popular video sharing platforms.
- Scam toolkit likely facilitates the bulk creation of the fraudulent platforms.
MITRE Techniques :
- Initial Access (T1566) - Phishing: the campaign impersonates well-known brands to lure victims onto its platforms.
- Collection (T1056.003) - Input Capture: Web Portal Capture: the fraudulent platforms harvest the personal information victims enter when they register and invest (closest ATT&CK fit; this is not a compromise of an information repository).
- Multi-level referral program (no ATT&CK technique applies): victims are encouraged to recruit others, in the manner of a Ponzi scheme.
- Telegram channels (no direct ATT&CK technique; Exfiltration Over C2 Channel, T1041, does not describe recruitment messaging): large channels are used to communicate with and recruit users.
- Resource Development (T1583.001) - Acquire Infrastructure: Domains: bulk registration of lookalike domains, largely through Singapore-based registrars.
- Resource Development (T1587 Develop Capabilities, or T1588.002 Obtain Capabilities: Tool, depending on whether the kit is built or bought): a common scam toolkit likely enables bulk generation of the fraudulent websites and mobile applications.
Indicators of Compromise :
- [Domain] 2024olympics-shop[.]com
- [Domain] nmxquantify[.]com
- [Domain] teslamall66[.]vip
- [APK URL] hxxps[:]//api.teslamall66[.]vip/teslamall66.apk
- [SHA-256 hash] e3e4163263d65cd9de073cc564c4ab8be31c418c40eeb25af38fcfbfb063e6d9
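The following is an added example, not code from the Unit 42 report or from this summary: it refangs the defanged IOCs listed above, matches them against DNS query logs (including subdomains and trailing-dot FQDNs), and compares a file's SHA-256 against the listed APK hash. The DNS log lines and the log format are constructed for illustration; only the IOC values come from the list above.

```python
"""Refang the IOCs from the summary above and check logs and files against them.

Added example (not part of the Unit 42 report). The DNS log format and the
sample lines are constructed; only the IOC values are from the summary.
"""
import hashlib
import hmac
import re
from typing import List, Optional, Set, Tuple
from urllib.parse import urlparse

# IOCs copied from the summary above, still in defanged notation.
IOC_DOMAINS = [
    "2024olympics-shop[.]com",
    "nmxquantify[.]com",
    "teslamall66[.]vip",
]
IOC_URLS = ["hxxps[:]//api.teslamall66[.]vip/teslamall66.apk"]
IOC_SHA256 = "e3e4163263d65cd9de073cc564c4ab8be31c418c40eeb25af38fcfbfb063e6d9"


def refang(value: str) -> str:
    """Turn the defanged notation used in intel reports back into a live string."""
    value = value.replace("[.]", ".").replace("[:]", ":")
    return re.sub(r"^hxxp(s?)://", r"http\1://", value, flags=re.IGNORECASE)


def watch_domains() -> Set[str]:
    """Domains to alert on: the listed domains plus the host of each listed URL."""
    hosts = {refang(d).lower() for d in IOC_DOMAINS}
    for url in IOC_URLS:
        host = urlparse(refang(url)).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def host_matches(host: str, domains: Set[str]) -> Optional[str]:
    """Return the watched domain that `host` equals or is a subdomain of.

    Longest candidates are tried first so the most specific entry wins, and a
    plain suffix match is avoided: 'notteslamall66.vip' must not match.
    """
    host = host.lower().rstrip(".")  # DNS logs often record FQDNs with a trailing dot
    for d in sorted(domains, key=len, reverse=True):
        if host == d or host.endswith("." + d):
            return d
    return None


# Constructed log format: "<timestamp> <client-ip> <query-type> <queried-name>".
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<qtype>\S+) (?P<host>\S+)$")

# Constructed sample lines for illustration; not real telemetry.
SAMPLE_DNS_LOG = [
    "2024-06-01T10:00:01Z 10.0.0.15 A api.teslamall66.vip",
    "2024-06-01T10:00:02Z 10.0.0.15 A www.example.com",
    "2024-06-01T10:00:03Z 10.0.0.22 AAAA nmxquantify.com.",
    "2024-06-01T10:00:04Z 10.0.0.30 A notteslamall66.vip",
]


def scan_dns_log(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client, matched_domain) for every query that hits a watched domain."""
    domains = watch_domains()
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        matched = host_matches(m["host"], domains)
        if matched:
            hits.append((m["client"], matched))
    return hits


def apk_matches_ioc(data: bytes) -> bool:
    """True if `data` hashes to the SHA-256 listed above."""
    digest = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(digest, IOC_SHA256)


if __name__ == "__main__":
    for client, domain in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"ALERT {client} resolved {domain}")
    print("sample bytes match APK IOC:", apk_matches_ioc(b"constructed, not the real APK"))
```

Matching on the registrable domain and its subdomains (rather than exact strings) is what catches `api.teslamall66[.]vip`, which is only implied by the listed APK URL; the length-sorted comparison keeps an unrelated name like `notteslamall66.vip` from producing a false positive.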
Full Story: https://unit42.paloaltonetworks.com/fraud-crypto-platforms-campaign/