| CryptoCore | |
| --- | --- |
| Type of Attack | Scam |
| Date of Initial Activity | 2024 |
| Motivation | Financial Gain |
| Attack Vectors | Phishing |
| Targeted Systems | Windows |
Overview
The CryptoCore scam represents one of the most sophisticated and far-reaching cryptocurrency fraud operations of the modern digital age. As cryptocurrencies have grown in popularity, so too have the methods employed by scammers to exploit unsuspecting individuals. Among these, CryptoCore stands out for its highly organized and technologically advanced approach, leveraging deepfake technology, hijacked social media accounts, and professional-looking websites to defraud victims. What makes CryptoCore particularly dangerous is its ability to exploit widely publicized events, such as major space missions or celebrity-driven initiatives, to gain the trust of potential victims.
At the heart of CryptoCore’s strategy is the use of deepfake videos, often featuring high-profile individuals or events, to trick people into believing that they are participating in legitimate cryptocurrency giveaways. These videos, combined with hijacked social media accounts of trusted figures like YouTubers and celebrities, give the scam an air of authenticity. The attackers not only use deepfake technology to deceive but also create intricate fake websites that appear remarkably legitimate, complete with fake transaction systems and customer support chatbots, to further mislead users. Once victims are lured in, they are prompted to send cryptocurrency to fraudulent wallets with the promise of receiving even larger returns.
Targets
Individuals
How they operate
The first step in CryptoCore’s operation is selecting a high-profile event or figure that is likely to attract significant attention. This can be anything from a major technological launch, such as a spaceflight or cryptocurrency seminar, to a celebrity endorsement. The attackers use deepfake technology to create realistic videos featuring the targeted personalities, often promoting an “exclusive” cryptocurrency giveaway. Deepfakes are generated by training artificial intelligence models to replicate the appearance and voice of these individuals, making the content appear highly authentic. These videos are then used to lure potential victims, who believe they are being invited to participate in a legitimate event or promotion.
Once the deepfake content is ready, the scammers proceed to hijack popular social media accounts to amplify the reach of their fraudulent campaigns. Hijacked YouTube accounts are a primary target, as they provide a platform with a large subscriber base and significant visibility. The attackers typically gain access to these accounts through phishing emails or malware that steals login credentials. Once an account is compromised, the scammers modify the account’s description, background, and content to make it appear as if the giveaway is being promoted by the actual celebrity or event organizers. These hijacked accounts then broadcast the deepfake videos to a massive audience, effectively tricking people into thinking they are engaging with a legitimate source.
To further solidify the illusion of authenticity, the scammers design highly convincing fraudulent websites that replicate legitimate cryptocurrency platforms. These sites often feature professional layouts, fake transaction systems, and even customer support via chatbots to offer a semblance of credibility. When victims are redirected to these fake sites, they are encouraged to participate in the giveaway by sending cryptocurrency to the scammers’ wallets, with the promise of receiving larger returns. The websites often include QR codes that make it easier for victims to send funds directly from their smartphones. However, once the cryptocurrency is sent, there is no way to recover it.
The attackers also use social media platforms such as Twitter and Telegram, including Telegram bots, to distribute links to the fraudulent videos and websites. These links often appear as comments or messages promoting the giveaway event. As victims search for official details about the event, these links surface at the top of search results due to the popularity of the hijacked accounts and the volume of engagement with the posts. The scammers also post fake comments and posts on various forums to increase the apparent legitimacy of the scam, further deceiving potential victims into believing they are part of a widespread, legitimate event.