Researchers at Cisco published information about a new phishing scheme whose organizers distributed fake copies of the Blockchain.info website through the Google AdWords service.
Dave Maynor and Jeremiah O'Connor reported that they monitored the activity of the scheme, called Coinhoarder, for 6 months together with the cyber police of Ukraine. According to their estimates, over the three years of their activity the scammers were able to steal about $50 million in cryptocurrency.
The campaign was very simple, and after initial setup the attackers needed only to continue purchasing Google AdWords to ensure a steady stream of victims. This campaign targeted specific geographic regions and allowed the attackers to amass millions in revenue through the theft of cryptocurrency from victims. This campaign demonstrates just how lucrative these sorts of malicious attacks can be for cybercriminals. Additionally, the revenue generated by these sorts of attacks can then be reinvested into other cybercriminal operations.
The attackers created websites that imitated Blockchain.info and gave them similar domain names, for example block-clain.info or blockchien.info, counting on users not distinguishing the fake from the original. Then they "used Google Adwords to distort the search results of users and steal money from their wallets".
Fake Blockchain info
Cisco found that the group has been operating since 2015 and assesses the damage at "tens of millions of dollars." According to their estimates, the attackers could have stolen about $50 million, and $2 million was stolen during a four-week period last year.
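The lookalike domains mentioned above (block-clain.info, blockchien.info) sit within a small edit distance of the real name, which a defender can check when reviewing ad landing pages, proxy logs or newly registered domains. The following is an added example, not code from Cisco or from the article; the function names, the distance threshold of 2 and the two-label registrable-domain rule are assumptions made for illustration.

```python
import unicodedata

PROTECTED = "blockchain.info"  # the legitimate domain named in the article

def registrable(domain: str) -> str:
    # Assumption: the registrable domain is the last two labels (true for
    # .info); production code should consult the Public Suffix List.
    return ".".join(domain.strip().lower().rstrip(".").split(".")[-2:])

def normalize(domain: str) -> str:
    """Decode punycode labels, strip accents, drop hyphens."""
    labels = []
    for label in domain.split("."):
        if label.startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass  # leave undecodable labels as they are
        labels.append(label)
    text = unicodedata.normalize("NFKD", ".".join(labels))
    return "".join(c for c in text if not unicodedata.combining(c)).replace("-", "")

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = [], list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain: str, protected: str = PROTECTED, max_distance: int = 2) -> str:
    reg = registrable(domain)
    if reg == protected:
        return "legitimate"  # exact match, including subdomains of it
    d = osa_distance(normalize(reg), normalize(protected))
    return "lookalike" if d <= max_distance else "unrelated"

if __name__ == "__main__":
    # First two entries are from the article; the rest are constructed samples.
    for name in ["block-clain.info", "blockchien.info", "www.blockchain.info",
                 "blockchaín.info", "example.com"]:
        print(f"{name:24} {classify(name)}")
```

Hyphens and accents are stripped before comparison, so a name that differs from the original only by those characters scores a distance of 0 and is still flagged because it is not an exact match.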