A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC, Atomic macOS Stealer (aka AMOS), and Angel Drainer.
"Specializing in identity fraud, cryptocurrency theft, and information-stealing malware, Crazy Evil employs a well-coordinated network of traffers — social engineering experts tasked with redirecting legitimate traffic to malicious phishing pages," Recorded Future's Insikt Group said in an analysis.
The use of a diverse malware arsenal cryptoscam group is a sign that the threat actor is targeting users of both Windows and macOS systems, posing a risk to the decentralized finance ecosystem.
Crazy Evil has been assessed to be active since at least 2021, functioning primarily as a traffer team tasked with redirecting legitimate traffic to malicious landing pages operated by other criminal crews. Allegedly run by a threat actor known on Telegram as @AbrahamCrazyEvil, it serves over 4,800 subscribers on the messaging platform (@CrazyEvilCorp) as of writing.
"They monetise the traffic to these botnet operators who intend to compromise users either widely, or specifically to a region, or an operating system," French cybersecurity company Sekoia said in a deep-dive report about traffer services in August 2022.
"The main challenge facing traffer is therefore to generate high-quality traffic without bots, undetected or analysed by security vendors, and eventually filtered by traffic type. In other words, traffers' activity is a form of lead generation."
Unlike other scams that revolve around setting up counterfeit shopping sites to facilitate fraudulent transactions, Crazy Evil focuses on the theft of digital assets involving non-fungible tokens (NFTs), cryptocurrencies, payment cards, and online banking accounts. It is estimated to have generated over $5 million in illicit revenue and compromised tens of thousands of devices globally.
