Inferno Drainer Malware Continues Operations
Despite claims of its closure in November 2023, the crypto-stealing malware known as Inferno Drainer continues to operate undeterred. In a recent report, cybersecurity experts from Check Point Research (CPR) revealed that the malware has siphoned off more than $9 million from over 30,000 cryptocurrency wallets during the past half-year.
Deep Analysis of Inferno Drainer
The CPR team’s findings are based on a detailed analysis that involved reverse-engineering the malware’s JavaScript code, decrypting settings acquired from its command-and-control (C&C) server, and scrutinizing related blockchain activities. Most of the stolen assets were linked to transactions on Ethereum and Binance Chain.
Enhanced Functionality of the Malware
Notably, analysts report that Inferno Drainer smart contracts deployed in 2023 remain active. This updated version of the malware has incorporated enhanced functionality, including:
- Single-use smart contracts
- Encrypted configurations on the blockchain
These advancements complicate detection and prevention efforts. Additionally, the malware's communication channels have been routed through proxy systems, which hinders attempts to track its infrastructure.
Targeted Phishing Campaigns
The resurgence of Inferno Drainer coincides with a targeted phishing campaign aimed at Discord users. The scheme used social engineering to lure users of a legitimate Web3 project to a counterfeit site that imitated the verification flow of the widely used Discord bot Collab.Land.
On this fraudulent platform, the malware was embedded to trick users into approving transactions, which allowed the attackers to access their cryptocurrency holdings.
The combination of strategic deception and skilled social engineering has given this malware operation a steady income stream, as blockchain transaction analysis confirms. Cryptocurrency users are therefore urged to remain vigilant when interacting with unfamiliar online platforms.
Urgency of Authenticity Checks
Notably, the counterfeit Collab.Land bot displayed only minor visual differences from its authentic counterpart, making it easy for unsuspecting users to fall prey. Because the genuine Collab.Land service requires wallet verification through transaction signing, even seasoned cryptocurrency investors may let their guard down when they encounter the fake bot. This heightens the importance of checking for authenticity before connecting any wallet.
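The drainer flow described above works because the victim confirms an approval transaction without reading what it grants. As an added example that is not code from the CPR report or from the malware, the following decodes the two approval calls a wallet is typically asked to sign and flags the pattern a drainer needs: broad rights granted to a spender the user has never vetted. The allow-list and the 0x111...111 spender address are constructed placeholders, not real indicators.

```javascript
// Added example, not code from the CPR report or from Inferno Drainer:
// decode the two wallet-approval calls a drainer page typically asks the
// victim to confirm, so a wallet extension can warn before signing.

// 4-byte function selectors = first 4 bytes of keccak256(signature).
const SELECTORS = {
  "0x095ea7b3": "approve(address,uint256)",        // ERC-20 allowance
  "0xa22cb465": "setApprovalForAll(address,bool)", // ERC-721/1155 operator
};
const UINT256_MAX = (1n << 256n) - 1n;

// Split ABI-encoded calldata into its selector and 32-byte argument words.
function parseCalldata(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (hex.length < 8 || (hex.length - 8) % 64 !== 0) throw new Error("malformed calldata");
  const words = [];
  for (let i = 8; i < hex.length; i += 64) words.push(hex.slice(i, i + 64));
  return { selector: "0x" + hex.slice(0, 8), words };
}

// Classify a pending call. `trusted` is a constructed allow-list of spender
// contracts the user has vetted (an assumption of this example).
function assessApproval(data, trusted = new Set()) {
  const { selector, words } = parseCalldata(data);
  const fn = SELECTORS[selector];
  if (!fn) return { kind: "other", risk: "none", reasons: [] };
  if (words.length < 2) throw new Error("missing arguments for " + fn);
  const spender = "0x" + words[0].slice(24); // address = low 20 bytes of word 0
  const value = BigInt("0x" + words[1]);
  const reasons = [];
  const untrusted = !trusted.has(spender);
  if (untrusted) reasons.push("spender not on allow-list: " + spender);
  let broad = false;
  if (fn.startsWith("approve")) {
    broad = value === UINT256_MAX;
    if (broad) reasons.push("unlimited ERC-20 allowance requested");
  } else {
    broad = value === 1n;
    if (broad) reasons.push("operator approval over the entire collection");
  }
  // Broad rights to an unvetted contract is the drainer pattern: block or warn hard.
  const risk = broad && untrusted ? "high" : reasons.length ? "medium" : "low";
  return { kind: fn, spender, value, risk, reasons };
}

// Constructed sample: approve(0x111...111, 2**256-1). The placeholder address
// stands in for a drainer contract; it is not a real indicator.
const SAMPLE_UNLIMITED_APPROVE =
  "0x095ea7b3" + "0".repeat(24) + "1".repeat(40) + "f".repeat(64);

console.log(assessApproval(SAMPLE_UNLIMITED_APPROVE));
```

A wallet that surfaces the `reasons` list at confirmation time turns the near-identical fake site into a visible red flag even when the page itself looks legitimate.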
Broader Trend in Malware Campaigns
The return of Inferno Drainer fits a broader trend of increasingly sophisticated malware campaigns seen recently. Criminals are using a range of distribution channels for crypto-stealing software, including:
- Exploiting compromised mailing lists
- Utilizing open-source Python libraries
- Preinstalling trojans on fraudulent Android devices