As Bitcoin Price Surges, Phishing Attacks on Cryptocurrency Wallets Intensify

Share this…

Today’s Bitcoin to US Dollar exchange rate has reached $902, the first time Bitcoin price has gone above the $900 mark since January 2014, almost three years ago.

Nobody knows what’s driving this sudden surge of Bitcoin popularity, but cyber-criminals won’t bother looking into macroeconomic factors when deciding that the market is ripe and ready for the taking again.

Bitcoin price surge reverberates through cybercriminal landscape

Over the past couple of months, as the Bitcoin price was slowly coming out of the $200-$400 price range where it spent almost two years, cyber-criminals took notice.

The first to do so were ransomware authors, who had to cut down the ransom demands they asked from victims. They had to do this because a ransom of 2 Bitcoin that once meant $400, all of sudden became $1,200, or more, a sum that very few users could afford to pay.

But ransomware victims are occasional Bitcoin users. A more lucrative operation is the phishing market sector, where crooks have yet again turned their full attention on Bitcoin wallet services.

The culprits behind these phishing pages targeting Bitcoin users are your regular career phishers. The Cisco OpenDNS team has tracked the operators of some of these Bitcoin phishing sites to numerous other phishing domains, used for collecting credentials for other services, such as Google, Dropbox, Apple, Amazon, and others.

Phishing domains recorded via one single email address
Phishing domains recorded via one single email address [Source: OpenDNS]
One server hosting multiple phishing kits
One server hosting multiple phishing kits [Source: OpenDNS]

In most of the observed cases, phishers are targeting Blockchain.info, the largest web-based Bitcoin wallet service. Attackers record hundreds of Blockchain.info lookalike domains, usually involving a variation on the URL that includes a hard to spot typo.

OpenDNS has worked to track down all these newly created phishing pages targeting Blockchain.info and other Bitcoin wallet services. Currently, most of these domains are inactive.

The ones that remained online are of an extremely low quality, most of them being nothing more than images with URLs mapped over button sections.

Bitcoin phishing page
Bitcoin phishing page

Nevertheless, Bitcoin users should be very careful these days, especially when accessing Blockchain.info and other wallet services via embedded links.

The best course of action is if users type in the URL by hand every time they access their wallet. This way, they can’t be tricked by links nefariously embedded online.

Below is a list of the domains that hosted Blockchain.info-themed phishing pages:

Domain, WHOIS Creation Date
blockchainls.info 2016-11-03
blockchanfo.info 2016-11-03
blockchianfo.info 2016-11-03
blockchainle.info 2016-11-04
blockchainln.info 2016-11-04
blockchianin.info 2016-11-05
blockchianls.info 2016-11-05
blockchianie.info 2016-11-08
blockchianle.info 2016-11-08
blockchianln.info 2016-11-08
blockchinfo.info 2016-11-14
blockchlanfo.info 2016-11-14
blocklchaina.info 2016-11-14
blockchanifo.info 2016-11-16
blockchianas.info 2016-11-16
blockichianfo.info 2016-11-16
blockchiania.info 2016-11-21
blockchianias.info 2016-11-21
blockchianies.info 2016-11-21
blockchianisa.info 2016-11-21
blockichianis.info 2016-11-21
blockchiansa.info 2016-11-22
blockchianse.info 2016-11-22
blockchiensa.info 2016-11-22
blackclhian.info 2016-12-07
blackichian.info 2016-12-07
blacklchian.info 2016-12-07

Bitcoin tumblers also targeted

But Bitcoin wallets aren’t the only ones targeted by phishers. According to a report from NewsBTC, the top result for Bitcoin tumbling services on Google redirects users to a service that stole their funds.

Bitcoin tumblers are automated systems that transfer Bitcoin funds from a public account to a private account by breaking down the sum and sending it through a large number of intermediary points until it reaches the private account. The purpose of Bitcoin tumblers is to make the hundreds and thousands of tiny Bitcoin transactions very hard to track, and mask a user’s funds.

According to NewsBTC, the top Google search result was redirecting users to a clone of the real Helix Light Bitcoin tumbling service, which stole users’ funds.

Original Helix Light website
Original Helix Light website

As Bitcoin becomes a hot commodity once again, expect more and more attacks to target Bitcoin users.

According to a Forbes exclusive article, some of these attacks won’t even need user interaction, as hackers have moved on to targeting users’ telephone numbers, which they use to hijack mobile communications, reset passwords for Bitcoin-related services, and empty out wallets when possible. In fact, this is how a hacker stole over $300,000 from a famous cryptocurrency mogul.

Source:https://www.bleepingcomputer.com