A sophisticated phishing campaign has reintroduced Inferno Drainer, a notorious crypto-draining tool that targets users through deceptive Discord interactions.
Despite claims of its shutdown in late 2023, Check Point Research (CPR) has uncovered that Inferno Drainer remains active, employing enhanced techniques to bypass security measures and drain digital wallets.
Enhanced Evasion Techniques
Inferno Drainer’s latest iteration showcases significant technical upgrades.
The malware now utilizes single-use smart contracts and on-chain encrypted configurations, making detection and prevention more challenging. Communication with command-and-control (C2) servers has been obfuscated through proxy-based systems, further complicating tracking efforts.
These advancements allow the drainer to circumvent wallet security mechanisms and anti-phishing blacklists.
In a recent campaign, attackers exploited Discord by redirecting users from legitimate Web3 websites to counterfeit Collab.Land bots, leading them to phishing sites. Victims were tricked into signing malicious transactions, granting attackers access to their funds.
Significant Financial Impact
Over the past six months, Inferno Drainer has reportedly compromised more than 30,000 wallets, resulting in losses exceeding $9m.
CPR said the malware’s continued evolution and sophisticated social engineering tactics have contributed to its success in deceiving users and extracting funds.
“Combined with targeted deception and effective social engineering tactics, these techniques enable attackers to successfully conduct their activities, as evidenced by the stable financial flow identified through blockchain transaction analysis,” CPR explained.
Read more on crypto-focused malware: North Korea Targets Crypto Devs Through NPM Packages
Ongoing Threat Despite Shutdown Claims
Although Inferno Drainer’s developers announced its shutdown in November 2023, evidence suggests continued operation.
Smart contracts deployed in September 2023 remain active, and recent campaigns indicate ongoing development and deployment of the drainer’s infrastructure.
The persistence of Inferno Drainer highlights the challenges in combating such threats within the cryptocurrency ecosystem.
Users are advised to exercise caution when interacting with unfamiliar platforms and to verify the authenticity of services before connecting their wallets.
Implementing robust security measures and staying informed about emerging threats are crucial steps in safeguarding digital assets.
