Magnitude EK actor goes for Bitcoin multiplier scam (updated)
Credit to Author: Jérôme Segura| Date: Mon, 06 Nov 2017 18:30:00 +0000
It is well known that hot commodities tend to attract scammers and online criminals. The continuous rise of Bitcoin over the past year (valued at over USD $7,188 at the time of writing) is generating frenzy amongst fans of cryptocurrencies as well as those watching from the sidelines.
While the threat of Bitcoin theft from hackers or rogue operators remains high, we also see many scams inspired by the classic Ponzi scheme. Such is the case of the Bitcoin multiplier scheme, where victims are enticed to send some of their Bitcoin to a particular wallet and be given x times the amount they invested.
Multiply your loss
There are a few different ways users are drawn to this scam. One of them is searching online for such a service (and you can find many). One of them is searching online for sites that offer such a service (and you can find many). Some people are even asking the million dollar question: “Is there any genuine Bitcoin multiplier?” which scammers immediately pounce on and use for Search Engine Optimization (SEO) purposes.
Malvertising
Another tactic is to use malicious advertising to redirect users to such sites.
The offer sounds too good to be true and should raise an immediate red flag. Even the “confidence” indicators displayed at the bottom of the page are fake and just for show.
However, the scam artists are using an interesting ploy by first asking the user for their email address and Bitcoin address, suggesting that the service might actually send them something. But the opposite happens. When the user submits their information, they are taken to a different page asking them to send BTC to the perpetrator’s wallet:
This might make some people feel uneasy, but the crooks have an answer for any doubts that might arise. They keep a page with previous payments they have sent, although this information is bogus.
In trying to deconstruct this scam, one question that comes to mind is why such a service would exist in the first place, especially considering that nowhere on the site do they mention any kind of commission for their effort. Well, apparently, these guys are doing it for the altruistic love of technology.
Sadly, many people have fallen for this scam and will never see their money again.
More than just a scam: Magnigate
We discovered that this Bitcoin multiplier template is in fact Magnigate, the work of the actor behind the Magnitude exploit kit, well known for using decoy sites and doing various types of filtering on incoming traffic. South Korean users do not get the scam page, but rather are redirected to the exploit kit which delivers the Magniber ransomware.
So far, the perpetrators have not received any money yet, either from the scam or Magniber (at least for those particular wallets):
The best piece of advice we can give you is to stay away from too good to be true promises, especially when it involves something like Bitcoin or other cryptocurrencies. And if you need any more guidance, the answer to the million dollar question is: No, there are no genuine Bitcoin multipliers.
Indicators of compromise
Magniber:
5e4e890f7749818f3c21b7057e7c21b43dbfacd9be6b52c42e4d8051cc8d35da
The post Magnitude EK actor goes for Bitcoin multiplier scam (updated) appeared first on Malwarebytes Labs.