Over 1 500 fraudulent global resources aimed at potential crypto investors or users who are interested in crypto-currency mining have been detected by Kaspersky since the beginning of this year.
In addition, globally, the security giant prevented more than 70 000 attempted user visits to sites of this nature.
According to the company, the most popular schemes used by threat actors include creating fake crypto-currency exchange Web sites, on which the user is promised a coupon for replenishing an account on a crypto exchange. However, before the coupon can be used, the user needs to make a verification payment of usually no more than 0.005 Bitcoin (about $200), which ends up in the crook’s pocket.
Another common scheme is sending messages about fake sales of video cards and other equipment for mining. To buy the equipment, the user must make an advance payment, after which all communication with the author of the ads grinds to a halt.
Finally, cyber criminals are designing phishing pages with various content to steal private keys, which allow them to gain access to all digital assets associated with a crypto wallet.
Around the world, crypto-currency mining malware caused much damage in 2018, infecting over five million people in the first three quarters of that year. Kaspersky’s research reveals that in certain African countries, the threat of malicious crypto miners remains widespread.
In SA at present, the share of all users targeted by malicious crypto miners in H1 2021 was 0.60%. In Kenya, the share of all users targeted was 0.85% and in Nigeria, 0.71%. In other African countries, the share of all users targeted by malicious crypto miners is much higher, with Ethiopia showing a share of 3.68% and Rwanda, 3.22%.
Bethwel Opil, enterprise sales manager at Kaspersky in Africa, says although these numbers may be perceived as low and insignificant to users, crypto-miner malware has been identified as one of the top three malware families rife in SA, Kenya and Nigeria at present, which Kaspersky believes emphasises that as crypto-currency gains momentum, more users are likely to be targeted.
A high level of detail
Upon examining the fraudulent global resources it detected, Kaspersky found that attackers usually locate sites in popular domain zones such as .com, .net, .org, .info, and also in zones where domain acquisition is cheap, like .site, .xyz, .online, .top, .club and .live.
In addition, the company says a distinctive feature of phishing and other types of crypto-currency fraud is the high level of detail on phishing Web sites. On fake crypto exchanges, for example, genuine data, such as bitcoin rates, is often loaded from real exchanges.
Malefactors are aware that users who invest or are interested in investing are often more tech-savvy than the average person, and tweak their techniques to make them more complex.
To avoid falling victim to malicious crypto miners, Kaspersky recommends that users not follow dodgy links from letters, messages in messenger apps and social networks.
In addition, the company advises users to be critical of generous online offers, to download apps only from official stores, and to employ a security solution that protects against phishing and scams and prevents the installation of malicious apps.
Finally, Kaspersky advises taking extra precautions before buying anything online from an unknown company. “It is better to study on special WHOIS-sites information first about how long the domain has existed and who its owner is: if it is completely fresh and registered to a private person, you should not purchase from them.”