
StealC, AMOS, and Angel Drainer malware are used by the Crazy Evil gang to target cryptocurrency

A cybercriminal organization known as the “Crazy Evil Gang” has been in the news lately for its aggressive attacks on the cryptocurrency industry. The group has gained access to multiple cryptocurrency platforms using a set of sophisticated malware tools, including StealC, AMOS, and Angel Drainer, stealing credentials, draining wallets, and leaving a trail of financial losses behind. This article examines the group’s strategies, the features of its malware, and the ways individuals and organizations can defend themselves against these threats.

The Russian-speaking cybercrime group Crazy Evil has been linked to more than ten ongoing social media scams. These scams use a variety of purpose-built lures to trick victims into installing malware, including StealC, Atomic macOS Stealer (also known as AMOS), and Angel Drainer.

“Specializing in identity fraud, cryptocurrency theft, and information-stealing malware, Crazy Evil employs a well-coordinated network of traffers, social engineering experts tasked with redirecting legitimate traffic to malicious phishing pages,” said Recorded Future’s Insikt Group.

The crypto scam gang’s deployment of a varied malware arsenal is one indication that it is targeting users of both Windows and macOS, which puts the decentralized finance ecosystem at risk.

The Crazy Evil Gang’s Rise

Early in 2024, the Crazy Evil Gang emerged as a prominent threat actor, rapidly becoming known for damaging attacks on cryptocurrency wallets, exchanges, and investors. The group is thought to be based in Eastern Europe and uses techniques similar to those of advanced persistent threat (APT) groups to penetrate and exploit its victims.

Their approach, which includes phishing campaigns, exploit kits, and malware-as-a-service (MaaS) offerings, makes them a formidable force in cybercrime. They increase their chances of success by combining smart contract exploits, data exfiltration tools, and credential stealers.

The Arsenal of Malware

StealC: The Expert in Credential Theft

StealC is an advanced information stealer that specializes in harvesting credentials from password managers, browsers, and cryptocurrency wallets. It is usually distributed through phishing emails or rogue websites that mimic trustworthy crypto services.

Important details

Retrieves autofill information and credentials stored in the browser.

Focuses on popular wallets like Phantom, Trust Wallet, and MetaMask.

Captures clipboard data, which lets it steal wallet addresses the victim has copied.

Uses anti-detection methods that make it hard to trace.

After infecting a device, StealC sends the harvested credentials to a command-and-control (C2) server, giving attackers access to victims’ cryptocurrency wallets and online accounts.

AMOS, the Multi-Purpose Malware

AMOS (Atomic macOS Stealer, as noted above) is a versatile malware strain that combines keylogging, remote access, and data exfiltration features. Depending on the attacker’s goals, it may be used as a backdoor or as spyware.

Important attributes

A modular architecture that makes custom functionality possible.

Keylogging features to record login information for cryptocurrency exchanges.

Clipboard hijacking that substitutes attacker-controlled wallet addresses for copied ones.

Persistence methods to guarantee sustained access to compromised devices.

AMOS is frequently distributed through malicious browser extensions, cracked software, and fake cryptocurrency apps. Once installed, it connects to the attacker’s C2 server and begins gathering private data.

Angel Drainer, the Smart Contract Exploiter

Angel Drainer is a type of malware that targets Web3 applications and DeFi protocols by taking advantage of flaws in smart contracts. Offered as drainer-as-a-service, it lets attackers automate crypto theft by deceiving users into signing harmful transactions.

Important attributes

Fraudulent transactions that drain users’ cryptocurrency holdings without direct access to the private keys.

Social engineering techniques like giveaway scams and phony airdrops.

Targeting of well-known blockchains, such as Polygon, Ethereum, and Binance Smart Chain.

Stealthy operation to avoid detection by blockchain security tools.

Angel Drainer has been involved in a number of well-publicized cryptocurrency thefts, frequently using fraudulent decentralized applications (dApps) to fool users into authorizing malicious transactions.

Techniques and Vectors of Attack

To increase their effectiveness and reach, the Crazy Evil Gang uses a range of attack techniques. The main methods they employ are listed below:

Phishing Attacks

Phony emails from wallet providers or cryptocurrency exchanges.

Fake websites that look like authentic cryptocurrency platforms.

Malicious attachments containing AMOS or StealC.

Malicious Browser Extensions

Fake wallet extensions that steal user information.

Extensions that reroute transactions by altering clipboard data.

Trojanized Applications

Fake cryptocurrency wallets or mining software containing AMOS.

Cracked software bundled with StealC.

Web3 Social Engineering

Phony token airdrop or NFT campaigns.

Bogus DeFi yield farming platforms that require wallet permissions.

Clipboard Hijacking

Malware that substitutes attacker-controlled addresses for wallet addresses the victim has copied.
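To make the detection side of this concrete, here is an added example (not code from the article, and not code from any of the malware families it discusses) of the check a defensive clipboard watcher can run: it compares what the user actually copied against what the clipboard holds when it is next polled, and flags any case where a wallet address has silently been replaced by a different one. The event list, the address patterns and the names (`ClipEvent`, `find_clipboard_swaps`, `shares_visible_ends`) are constructed for illustration; a real watcher would feed the `poll` events from the operating system's clipboard API instead of a fixed list.

```python
import re
from dataclasses import dataclass

# Constructed address patterns: Ethereum-style hex and Bitcoin legacy/bech32 shapes.
# They only decide "does this look like a wallet address", not whether it is valid.
ETH_ADDR = re.compile(r"^0x[0-9a-fA-F]{40}$")
BTC_ADDR = re.compile(r"^(bc1[02-9ac-hj-np-z]{25,62}|[13][1-9A-HJ-NP-Za-km-z]{25,34})$")


def looks_like_address(text: str) -> bool:
    """True if the string has the shape of a cryptocurrency wallet address."""
    t = text.strip()
    return bool(ETH_ADDR.match(t) or BTC_ADDR.match(t))


@dataclass
class ClipEvent:
    kind: str   # "copy": the user copied text; "poll": the watcher read the clipboard
    text: str


def shares_visible_ends(a: str, b: str, n: int = 4) -> bool:
    """True if two different addresses agree on their first and last n characters,
    i.e. a swap that would survive a quick visual comparison of the ends."""
    return a != b and a[:n].lower() == b[:n].lower() and a[-n:].lower() == b[-n:].lower()


def find_clipboard_swaps(events):
    """Return (expected, observed, looks_similar) triples for every poll where the
    clipboard holds a wallet address that differs from the one the user last copied."""
    last_user_copy = None
    swaps = []
    for ev in events:
        if ev.kind == "copy":
            last_user_copy = ev.text.strip()
        elif ev.kind == "poll":
            observed = ev.text.strip()
            if (
                last_user_copy is not None
                and looks_like_address(last_user_copy)
                and looks_like_address(observed)
                and observed != last_user_copy
            ):
                swaps.append((last_user_copy, observed,
                              shares_visible_ends(last_user_copy, observed)))
    return swaps


# Constructed sample: the user copies their own address, the clipboard first reads
# back unchanged, then a later poll shows an address the user never copied.
USER_ADDR = "0x" + "1" * 40
SWAPPED_ADDR = "0x1111" + "2" * 32 + "1111"   # same visible ends, different middle
SAMPLE_EVENTS = [
    ClipEvent("copy", "meeting notes"),   # non-address text is ignored
    ClipEvent("poll", "meeting notes"),
    ClipEvent("copy", USER_ADDR),
    ClipEvent("poll", USER_ADDR),         # unchanged: fine
    ClipEvent("poll", SWAPPED_ADDR),      # changed without a user copy: flagged
]

if __name__ == "__main__":
    for expected, observed, similar in find_clipboard_swaps(SAMPLE_EVENTS):
        print(f"clipboard swap detected: copied {expected} but clipboard holds {observed}"
              + (" (same visible prefix/suffix)" if similar else ""))
```

The `shares_visible_ends` flag is there because checking only the first and last few characters of an address is not enough: the watcher compares the full string, and the flag just tells the user that a glance at the ends would not have caught this one.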

Smart Contract Exploits

Malicious approval transactions that give attackers complete control over a user’s funds.

Governance attacks on decentralized autonomous organizations (DAOs) and rogue validators.

Strategies for Mitigation

Because these attacks are so sophisticated, individuals and organizations need to put strong security measures in place to protect their cryptocurrency holdings. The following are some crucial safety precautions:

Turn on multi-factor authentication (MFA):

For added security, use hardware security keys.

Don’t depend on SMS-based authentication alone.

Make use of cold wallets

Instead of online hot wallets, keep your funds in hardware wallets.

Don’t sign transactions or messages from untrusted sources.

Check the sources and URLs

Always verify the domain name before entering credentials.

Bookmark and use official websites to avoid phishing attempts.
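Verifying a domain by eye is where phishing pages win, so here is an added example (not code from the article) of how a bookmark allowlist can be turned into an automatic check on the URL about to be visited. It extracts the host that will actually be contacted, which strips decoy text placed before an `@`, converts Unicode lookalike hosts to their punycode form so they stand out, and then classifies the host as trusted, a subdomain of a trusted site, a punycode or brand lookalike, or unknown. The allowlist (`TRUSTED_HOSTS`), the brand list and all sample URLs are constructed assumptions standing in for a user's own bookmarks.

```python
from urllib.parse import urlsplit

# Constructed allowlist standing in for the user's bookmarks of official sites.
TRUSTED_HOSTS = {"metamask.io", "app.uniswap.org", "etherscan.io"}
# Brand names whose presence in any other host is a strong lookalike signal.
BRANDS = {"metamask", "uniswap", "etherscan"}


def normalized_host(url: str) -> str:
    """Return the host that would actually be connected to, in ASCII form.
    urlsplit drops any 'user@' prefix, so 'https://metamask.io@evil.example/'
    yields 'evil.example' rather than the decoy text in front of the '@'."""
    if "://" not in url:
        url = "https://" + url
    host = urlsplit(url).hostname or ""
    try:
        host = host.encode("idna").decode("ascii")   # Unicode lookalikes become xn-- labels
    except UnicodeError:
        pass
    return host.lower().rstrip(".")


def classify_url(url: str) -> str:
    host = normalized_host(url)
    if host in TRUSTED_HOSTS:
        return "trusted"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode-lookalike"      # internationalized label: inspect before trusting
    if any(host.endswith("." + t) for t in TRUSTED_HOSTS):
        return "subdomain-of-trusted"    # not bookmarked itself; review rather than auto-trust
    if any(brand in host for brand in BRANDS):
        return "brand-lookalike"         # trusted name buried in an unrelated domain
    return "unknown"


# Constructed sample URLs covering the cases above.
SAMPLE_URLS = [
    "https://metamask.io/",
    "https://docs.metamask.io/wallet",
    "https://metamask.io.wallet-verify.example/login",
    "https://xn--metmask-6pb.io/",
    "https://metamask.io@evil.example/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{classify_url(u):22} {normalized_host(u):40} {u}")
```

Only an exact match against the bookmarked host is treated as trusted; every other outcome is a prompt for the user to stop and look, which is the behaviour a bookmark-only habit is meant to enforce.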

Use Browser Extensions Cautiously

Only install extensions from reliable sources.

Audit the permissions given to browser extensions on a regular basis.

Employ Anti-Malware Programs

Keep your security software updated so it can detect and block AMOS and StealC.

Use endpoint security to monitor for suspicious activity.

Educate and Keep Up to Date

Keep up with security updates from wallet providers and cryptocurrency exchanges.

Keep up with the latest malware threats and scams in the cryptocurrency industry.

Restrict the approvals of smart contracts

Regularly review and revoke unnecessary smart contract approvals.

To manage permissions, use tools such as Etherscan’s Token Approval Checker.
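Approval checkers work by replaying a wallet's ERC-20 `Approval` events, and the following added example (not code from the article or from Etherscan) shows that logic in miniature. It decodes `eth_getLogs`-style records, replays them in chain order so that a later approval of zero cancels an earlier one, and lists every allowance that is still live, with unlimited allowances (`2**256 - 1`, the value most drainers request) sorted first as the ones to revoke. The log records, addresses and block numbers are constructed and simplified (a real RPC response carries hex strings, which `_num` also accepts); the `Approval` and `Transfer` topic hashes are the standard ERC-20 event signatures.

```python
# Keccak-256 of "Approval(address,address,uint256)": topics[0] of every ERC-20 Approval event.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
# Keccak-256 of "Transfer(address,address,uint256)": used here only as a log to be ignored.
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
UINT256_MAX = 2**256 - 1


def _num(value) -> int:
    """Accept the hex strings a real node returns as well as plain ints."""
    return int(value, 16) if isinstance(value, str) else int(value)


def topic_to_address(topic: str) -> str:
    """Indexed address topics are left-padded to 32 bytes; the address is the last 20."""
    return "0x" + topic[-40:].lower()


def parse_approval_log(log: dict):
    """Decode one log record, or return None if it is not an ERC-20 Approval event."""
    topics = log["topics"]
    if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
        return None
    return {
        "token": log["address"].lower(),
        "owner": topic_to_address(topics[1]),
        "spender": topic_to_address(topics[2]),
        "amount": int(log["data"], 16),
    }


def current_allowances(logs, owner: str) -> dict:
    """Replay Approval events in chain order; each event overwrites the allowance
    for its (token, spender) pair, so a later approval of 0 is a revoke."""
    allowances = {}
    for log in sorted(logs, key=lambda l: (_num(l["blockNumber"]), _num(l["logIndex"]))):
        ev = parse_approval_log(log)
        if ev is None or ev["owner"] != owner.lower():
            continue
        allowances[(ev["token"], ev["spender"])] = ev["amount"]
    return allowances


def risky_approvals(logs, owner: str) -> list:
    """List every live (non-zero) allowance, unlimited ones first."""
    findings = []
    for (token, spender), amount in current_allowances(logs, owner).items():
        if amount == 0:
            continue
        findings.append({"token": token, "spender": spender,
                         "amount": amount, "unlimited": amount == UINT256_MAX})
    return sorted(findings, key=lambda f: (not f["unlimited"], f["token"]))


def _topic(addr: str) -> str:          # pad a 20-byte address to a 32-byte topic
    return "0x" + addr[2:].lower().rjust(64, "0")


def _data(amount: int) -> str:         # encode a uint256 as the 32-byte data field
    return "0x" + format(amount, "064x")


# Constructed sample (not real chain data): one owner, two tokens, two spenders.
OWNER = "0x" + "1" * 40
TOKEN_A = "0x" + "a" * 40
TOKEN_B = "0x" + "b" * 40
SPENDER_X = "0x" + "2" * 40
SPENDER_Y = "0x" + "3" * 40

SAMPLE_LOGS = [
    # unlimited approval of TOKEN_A to SPENDER_X: the setup a drainer asks the victim to sign
    {"address": TOKEN_A, "topics": [APPROVAL_TOPIC, _topic(OWNER), _topic(SPENDER_X)],
     "data": _data(UINT256_MAX), "blockNumber": 100, "logIndex": 3},
    # 100 units of TOKEN_B approved to SPENDER_Y ...
    {"address": TOKEN_B, "topics": [APPROVAL_TOPIC, _topic(OWNER), _topic(SPENDER_Y)],
     "data": _data(100), "blockNumber": "0x65", "logIndex": "0x0"},
    # ... and later revoked (allowance set back to 0)
    {"address": TOKEN_B, "topics": [APPROVAL_TOPIC, _topic(OWNER), _topic(SPENDER_Y)],
     "data": _data(0), "blockNumber": 105, "logIndex": 7},
    # a Transfer event, which the parser must ignore
    {"address": TOKEN_A, "topics": [TRANSFER_TOPIC, _topic(OWNER), _topic(SPENDER_X)],
     "data": _data(5), "blockNumber": 106, "logIndex": 1},
]

if __name__ == "__main__":
    for f in risky_approvals(SAMPLE_LOGS, OWNER):
        label = "UNLIMITED" if f["unlimited"] else str(f["amount"])
        print(f"revoke candidate: token {f['token']} spender {f['spender']} allowance {label}")
```

Replaying events this way only shows allowances granted through `approve`; it is a starting point for a review, not a substitute for a checker that also queries `allowance()` on each token contract.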
