A sophisticated phishing campaign has brought back Inferno Drainer, a notorious crypto-draining tool that targets users through deceptive Discord interactions.
Although its shutdown was claimed in late 2023, Check Point Research (CPR) has discovered that Inferno Drainer is still active, using advanced techniques to evade security measures and drain digital wallets.
Enhanced Evasion Techniques
The latest version of Inferno Drainer showcases significant technical upgrades. The malware now employs single-use smart contracts and on-chain encrypted configurations, which make detection and prevention more challenging. Communication with command-and-control (C2) servers is obfuscated through proxy-based systems, which hinders tracking efforts. These advancements allow the drainer to bypass wallet security mechanisms and anti-phishing blacklists.
In a recent campaign, attackers exploited Discord by redirecting users from legitimate Web3 websites to fake Collab.Land bots, leading them to phishing sites. Victims were deceived into signing malicious transactions, giving attackers access to their funds.
Significant Financial Impact
In the past six months, Inferno Drainer has compromised over 30,000 wallets, resulting in losses exceeding $9m. CPR stated that the malware’s continuous evolution and sophisticated social engineering tactics have contributed to its success in deceiving users and extracting funds.
“Combined with targeted deception and effective social engineering tactics, these techniques enable attackers to successfully conduct their activities, as evidenced by the stable financial flow identified through blockchain transaction analysis,” CPR explained.
Ongoing Threat Despite Shutdown Claims
Although the developers of Inferno Drainer announced its shutdown in November 2023, evidence suggests that it is still operational. Smart contracts deployed in September 2023 are still active, and recent campaigns indicate ongoing development and deployment of the drainer’s infrastructure. The persistence of Inferno Drainer highlights the challenges in combating such threats within the cryptocurrency ecosystem.
Users are advised to exercise caution when interacting with unfamiliar platforms and to verify the authenticity of services before connecting their wallets. Implementing robust security measures and staying informed about emerging threats are crucial steps in safeguarding digital assets.
By staying vigilant and informed, users can protect themselves from falling victim to malicious actors in the ever-evolving landscape of crypto-related threats.