A new and rising threat to decentralized finance has been identified. Threat intelligence researchers at Insikt Group have uncovered “Crazy Evil,” a rapidly growing Russian crypto-scam gang that targets cryptocurrency users and influencers. According to Insikt Group, over ten active social media scams are linked directly to Crazy Evil, garnering millions of dollars in illicit funds and infiltrating tens of thousands of devices.
Crazy Evil is what is referred to as a “traffer” team, which Insikt describes as “a collective of social engineering specialists tasked with redirecting legitimate traffic to malicious landing pages.” The group has allegedly operated since 2021 on dark web forums and amassed thousands of followers on its public Telegram channels. Its primary targets are cryptocurrency users, non-fungible token (NFT) traders and gaming professionals – all of whom often use decentralized platforms with little or no regulatory oversight.
Crazy Evil’s intricate system of Telegram channels
Crazy Evil has an intricate system of Telegram channels that record everything from precise details of scams to listed earnings – even tagging the traffers responsible for each infostealer attack. Additionally, Crazy Evil puts out advertisements on dark web forums to entice new applicants. Each sub-team implements its own specific application process, with some teams even providing manuals to educate new traffers on how to engage with victims, and rule books for proper work conduct.
Crazy Evil is divided into six sub-teams specializing in different schemes. These sub-teams reportedly operate fraudulent software and platforms, such as a decentralized communication tool, AI-assisted productivity software, and a community development platform – all with the intention of luring new victims and delivering infostealer malware.
In one sub-team, appropriately referred to as “ZOOMLAND,” traffers focus on impersonating the meeting software Zoom and WeChat. Another sub-team focuses on running the digital asset management platform “Selenium Finance,” and has even gone to the lengths of creating its own digital token.
As the need for cryptocurrency in everyday life and business continues to grow, so does the window of opportunity for Crazy Evil and other similar groups.
“Cybercriminal groups that exclusively work in this space will become uniquely positioned to capitalize on wider adoption,” says the Insikt Group. “Crazy Evil’s strong presence on dark web forums, its alliances with rival gangs and malware developers, and the robust obfuscation techniques it incorporates into its scams will likely result in more enduring threats that are difficult to detect and neutralize.”