Online advertising platforms, including Google and Twitter, are inadvertently promoting websites linked to a sophisticated cryptocurrency fraud scheme known as ‘MS Drainer.’ The operation behind it has reportedly misappropriated a whopping $59 million from over 63,210 victims in just the past nine months.

Security researchers at ScamSniffer have uncovered a worrying trend of over 10,000 phishing websites utilizing the tactics of the notorious crypto scammer ‘MS Drainer’ between March 2023 and December 2023.

“From March to now, Scam Sniffer has monitored about 10,072 phishing websites using them. By analyzing the on-chain data associated with their phishing addresses, they have stolen nearly $58.98 million from about 63,210 victims over the past nine months,” the ScamSniffer blog post reads.

A drainer is a malicious smart contract or, in this case, a complete phishing suite designed to drain funds from a user’s cryptocurrency wallet without their consent.

Users are taken to a legitimate-appearing phishing website and tricked into approving malicious contracts, allowing the drainer to automatically perform unauthorized transactions and transfer the victim’s money to the attacker’s wallet address.
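A defender-side illustration of the approval step described above, added here and not taken from the article or from ScamSniffer: a pre-signing check that decodes transaction calldata and flags token approvals to unknown spenders. It assumes the malicious approval is a standard ERC-20/ERC-721 approval call; `inspect_calldata`, the allowlist and the sample calldata are constructed for this example.

```python
# Added example (not from the article): flag risky token approvals before signing.
MAX_UINT256 = 2**256 - 1

# 4-byte selectors of the standard approval functions.
APPROVAL_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}

def inspect_calldata(calldata_hex, trusted_spenders):
    """Return findings for an approval call, or None for any other call."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    signature = APPROVAL_SELECTORS.get(data[:8])
    if signature is None:
        return None
    args = data[8:]
    if len(args) < 128:  # two 32-byte ABI words are required
        return {"function": signature, "spender": None,
                "warnings": ["malformed approval arguments"]}
    spender = "0x" + args[24:64]      # address = low 20 bytes of word 1
    value = int(args[64:128], 16)     # amount or bool flag in word 2
    warnings = []
    if value != 0:                    # zero means the approval is being revoked
        if spender not in {s.lower() for s in trusted_spenders}:
            warnings.append("spender not in allowlist")
        if signature.startswith("setApprovalForAll"):
            warnings.append("operator gains control of every token in the collection")
        elif value == MAX_UINT256:
            warnings.append("unlimited allowance")
    return {"function": signature, "spender": spender, "warnings": warnings}

# Constructed sample: approve(<unknown spender>, max uint256).
UNKNOWN = "0x" + "11" * 20
TRUSTED = ["0x" + "22" * 20]  # hypothetical allowlist entry
SAMPLE = "0x095ea7b3" + "0" * 24 + "11" * 20 + "f" * 64

if __name__ == "__main__":
    print(inspect_calldata(SAMPLE, TRUSTED))
```
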

The source code for MS Drainer is sold to cyber criminals for $1,500 by a user named ‘Pakulichev’ or ‘PhishLab,’ who also charges a 20% fee on any funds stolen with the toolkit. PhishLab also sells add-on modules that give the malware new features, costing between $500 and $1,000.


By analyzing the on-chain data of addresses associated with the Drainer, they have stolen approximately $58.98 million from 63,210 victims over the past 9 months.


Top victims:

Victim | Chain | Total Stolen

Users should be very cautious when seeing cryptocurrency-related ads and perform due diligence before signing up to new platforms, let alone connecting their wallets.

References: BleepingComputer