Service Rents Email Addresses for Account Signups – Krebs on Security

Kopeechka.store offers to rent established email addresses to expedite large-scale account signups for criminal campaigns, dramatically cutting costs for spammers. Researchers link the service to Mastodon spam campaigns by quotpw, crypto scam networks like Impulse Team, and fake reputation sites such as Scam-Doc, underscoring a broader ecosystem of abuse. #Kopeechka #Quotpw #Mastodon #ImpulseTeam #ScamDoc #TrendMicro #FBI #RenaudChaput

Keypoints

  • Kopeechka.store provides an API-driven way to obtain working email addresses from providers to use for automated account signups.
  • Customers do not get full inbox access; Kopeechka forwards only relevant confirmation messages to their panel, enabling shared use of the same email address.
  • Pricing is extremely low (fractions of a penny) per confirmation message, reflecting a low-cost model for large-volume registrations.
  • The service promotes affiliate programs, including embedding its API in software and selling Kopeechka usernames/passwords for working emails.
  • Quotpw’s Mastodon spam campaign used Kopeechka to pool bot-created/compromised emails for thousands of registrations, illustrating practical abuse.
  • Trend Micro ties Quotpw to the Impulse Team crypto scam affiliate network and notes a fake reputation site (Scam-Doc) used to bolster scam credibility.

MITRE Techniques

  • [T1136] Create Account – The attacker uses Kopeechka to obtain email addresses via an API call to enable automated account registrations. In the article's words: ‘the botnet or spam machine to make an automated application programming interface (API) call to the Kopeechka service, which responds with a working email address at an email provider of your choosing.’

Indicators of Compromise

  • [Domain] Kopeechka domain – kopeechka.store
  • [Domain] Related providers named in the report (legitimate services, listed for context) – joinmastodon.org, mastodon.online, mastodon.social, apple.com, outlook.com

Read more: https://krebsonsecurity.com/2023/06/service-rents-email-addresses-for-account-signups/?replytocom=585549