On Wednesday, cyber security experts from Cisco Talos exposed a previously unknown cybercriminal gang that steals Bitcoin. The gang is said to have stolen millions of dollars by exploiting Google AdWords. With the help of the Ukraine Cyberpolice, the team has tracked the gang for the past six months.
In a blog post, researchers Jeremiah O'Connor and Dave Maynor said that while the campaign itself may be a simple one, investigating it uncovered surprisingly large financial rewards for the threat actors.
The group's phishing activity was first discovered in February 2017. The group targeted the Bitcoin wallet platform blockchain.info using phishing links, fraudulent sites and brand spoofing.
Cisco Talos says:
This campaign was unique in that adversaries leveraged Google Adwords to poison user search results in order to steal users' wallets. Since Cisco observed this technique, it has become increasingly common in the wild with attackers targeting many different crypto wallets and exchanges via malicious ads.
The gang established "gateway" phishing links that appeared in search results when users searched Google for cryptocurrency-related keywords such as "blockchain" or "Bitcoin wallet"; their placement was bolstered by the purchase of Google AdWords. These links then sent victims to malicious domains that served phishing content tailored to the IP address and likely language of the visitor.
The team indicates the hackers focused on countries where access to traditional banking may be difficult, such as Estonia, Nigeria, Ghana and a number of other African countries. The gang seems to know that residents of these countries have a greater interest in cryptocurrency, and this shaped the focus of the phishing campaign: where residents have difficulty accessing banks, cryptocurrency empowers users financially.
The security firm believes the gang has been active since at least 2015 and has stolen tens of millions of dollars' worth of cryptocurrency. From September 2017 to December 2017 alone, the group managed to steal approximately $10 million in cryptocurrency, and in one particular 3.5-week period the hackers were able to steal $2 million. In total they have netted over $50 million over the past three years.
The researchers further explain:
While criminals were able to profit from this, it also adds a new level of complexity for criminals to convert their cryptocurrency funds to a fiat currency like US dollars. The historic price of Bitcoin during the height of this campaign would have made it very difficult to move these ill-gotten finances easily.
The hackers did not stop there: they also obtained wildcard SSL certificates issued by Cloudflare and Let's Encrypt to appear legitimate, alongside brand spoofing and internationalized domain names.
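As a defender-side illustration of the brand-spoofing and internationalized-domain technique described above, the following Python check flags look-alike domains for a protected brand, in both Unicode and punycode (xn--) form. It is an added example, not code from Cisco Talos or this article; the confusables table, the verdict names and the sample domains are constructed for illustration.

```python
import unicodedata

BRANDS = {"blockchain.info"}  # brand targeted in the campaign; extend with your own names

# Hand-picked subset of Unicode confusables: Cyrillic а е о р с і ј х ѕ, Greek ο, plus digit look-alikes.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0456": "i", "\u0458": "j", "\u0445": "x", "\u0455": "s", "\u03bf": "o", "0": "o", "1": "l",
})

def to_unicode(domain):
    """Decode punycode (xn--) labels so the name is compared as a user would see it."""
    domain = domain.strip().lower().rstrip(".")
    return domain.encode("ascii").decode("idna") if domain.isascii() else domain

def skeleton(domain):
    """Collapse a domain to an ASCII skeleton in which look-alike characters coincide."""
    s = unicodedata.normalize("NFKD", to_unicode(domain))
    s = "".join(ch for ch in s if not unicodedata.combining(ch))  # strip accents: í -> i
    return s.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def mixed_script(domain):
    """True if any label mixes Latin letters with letters of another script (classic IDN spoof)."""
    for label in to_unicode(domain).split("."):
        scripts = {unicodedata.name(ch, "").split(" ")[0] for ch in label if ch.isalpha()}
        if "LATIN" in scripts and len(scripts) > 1:
            return True
    return False

def classify(domain):
    """Verdict: 'legitimate', 'homograph', 'mixed-script', 'brand-in-other-domain' or 'unrelated'."""
    if to_unicode(domain) in BRANDS:
        return "legitimate"
    skel = skeleton(domain)
    if any(skel == skeleton(brand) for brand in BRANDS):
        return "homograph"  # indistinguishable from the brand once confusables collapse
    if mixed_script(domain):
        return "mixed-script"
    if any(brand.split(".")[0] in skel for brand in BRANDS):
        return "brand-in-other-domain"  # brand used as a subdomain or hyphenated label
    return "unrelated"

SAMPLES = [  # constructed sample inputs, not indicators from the Talos report
    "blockchain.info", "bl\u043eckchain.info", "bl\u043eckchain.info".encode("idna").decode("ascii"),
    "b1ockchain.info", "blockcha\u00edn.info", "w\u0430llet-login.example", "blockchain-wallet.example",
]

def scan(domains):
    """Map each domain to its verdict; anything other than 'legitimate' or 'unrelated' deserves review."""
    return {d: classify(d) for d in domains}
```

Feeding newly observed domains (for example from certificate-transparency logs, where wildcard certificates like those described above become visible) through scan() gives a first triage of which ones imitate a protected brand.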
The team also added:
We can expect to see more of these realistic-looking phishes with Let's Encrypt releasing full wildcard certificate support at the end of this month. Cisco will continue to monitor the landscape and coordinate with international law enforcement teams in 2018 to help protect users and organizations.