A recent report by Recorded Future has shed light on the tactics of the Russian crypto scam group Crazy Evil. The group specializes in social engineering and operates as a "traffer team": its members redirect legitimate web traffic to malicious landing pages that deliver malware.
Since 2021, Crazy Evil has been focusing on targeting cryptocurrencies, non-fungible tokens (NFTs), smart contracts, and other web3 projects to carry out malicious activities on social media. These activities include stealing digital assets, committing identity fraud, and spreading infostealers.
The Insikt Group report by Recorded Future, released on January 23, revealed that Crazy Evil has orchestrated over 10 active scams on social media platforms. Their targets typically include high-profile individuals such as tech, gaming, and crypto influencers.
The cybercriminal gang utilizes a sophisticated malware toolkit that includes advanced tools like Stealc and Atomic macOS Stealer (AMOS) to target both Windows and macOS systems, ensuring widespread compromise.
Crazy Evil consists of six subteams (AVLAND, TYPED, DELAND, ZOOMLAND, DEFI, and KEVLAND), each responsible for managing the phishing pages of particular scams and using them to infect victims' devices with malware. With a presence on low-tier dark web forums and over 3,000 followers on its public Telegram channel, Crazy Evil has been actively engaged in heists involving NFTs and other cryptocurrencies.
The gang continues to recruit new affiliates, who must submit detailed applications via a Telegram bot to gain access to its private channels. Having earned an estimated $5 million from illicit activities and infected tens of thousands of devices worldwide, Crazy Evil has become a significant threat to personal data security and to the stability of the Web3 ecosystem.
Crazy Evil’s infection tactics involve promoting fake services on social media, leading users to install malware that targets both Windows and macOS environments. The gang’s manuals encourage affiliates to target DeFi, DApps, and other blockchain-based projects.
To mitigate the threat posed by groups like Crazy Evil, the report recommends deploying advanced endpoint detection and response (EDR) solutions, using web filtering to block malicious domains, updating threat intelligence feeds regularly, and including cryptocurrency-targeted attacks in security awareness training.
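One concrete form of the "web filtering" and "threat intelligence feed" measures above is to match outbound web-proxy logs against a blocklist of domains pulled from a TI feed. The script below is an added example, not code from the article or from Recorded Future; the log format, the `.invalid` domains and the log lines are constructed placeholders rather than real indicators. It normalizes each requested host (case, trailing dot, port) and treats a hit on a blocklisted domain or any of its parent domains as an alert, while not matching lookalike hosts where the indicator is only a prefix of a longer name.

```python
"""Match constructed proxy log lines against a constructed TI domain blocklist."""
import re
from urllib.parse import urlsplit

# Constructed blocklist standing in for a threat-intelligence feed.
# The .invalid TLD is reserved and cannot resolve, so these are placeholders.
BLOCKLIST = {
    "fake-nft-mint.invalid",
    "defi-airdrop-claim.invalid",
}

# Constructed sample log in a simple "timestamp client method url" layout.
SAMPLE_LOG = """\
2025-01-24T10:01:02Z 10.0.0.12 GET https://docs.python.org/3/library/
2025-01-24T10:01:09Z 10.0.0.12 GET https://cdn.fake-nft-mint.invalid/setup.dmg
2025-01-24T10:02:15Z 10.0.0.7 POST https://defi-airdrop-claim.invalid/login
2025-01-24T10:02:40Z 10.0.0.9 GET https://defi-airdrop-claim.invalid.example.org/
2025-01-24T10:03:01Z 10.0.0.7 GET https://FAKE-NFT-MINT.INVALID.:443/app
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)$"
)


def normalize_host(url):
    """Lowercase the host and strip the port and any trailing dot."""
    host = urlsplit(url).hostname or ""  # hostname already drops the port and lowercases
    return host.rstrip(".")


def matching_indicator(host, blocklist=BLOCKLIST):
    """Return the blocklisted domain covering host (exact or parent), else None.

    Only label-aligned suffixes are tested, so a host that merely starts with
    an indicator (indicator.example.org) does not match.
    """
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def scan_log(text, blocklist=BLOCKLIST):
    """Return one alert dict per log line whose host hits the blocklist."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than failing the whole scan
        host = normalize_host(m.group("url"))
        hit = matching_indicator(host, blocklist)
        if hit:
            alerts.append({
                "ts": m.group("ts"),
                "client": m.group("client"),
                "host": host,
                "indicator": hit,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['client']} -> {alert['host']} (matches {alert['indicator']})")
```

Running the block flags three of the five constructed lines: the subdomain of one indicator, the exact indicator, and the upper-cased variant with a trailing dot and port. The lookalike host that only begins with an indicator is left alone, which is the behaviour you want before wiring such a check into a blocking or alerting pipeline.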
As the group continues to operate at scale and maintains alliances with rival gangs and malware developers, staying vigilant and implementing robust security measures remain crucial to countering the enduring threat posed by groups like Crazy Evil.