Inferno Drainer Malware Strikes Again, Stealing $9 Million in 6 Months

In Brief:

Inferno Drainer malware resurfaces, stealing over $9 million in six months.

It primarily targets Ethereum and BNB Chain wallets, utilizing advanced phishing techniques.

The notorious Inferno Drainer malware, which was believed to have ceased operations in November 2023, has made a dramatic comeback, stealing over $9 million in the past six months, according to Check Point Research (CPR). The malware has infected more than 30,000 cryptocurrency wallets, with a focus on Ethereum and BNB Chain users.

Researchers discovered that Inferno Drainer's smart contract, deployed in 2023, continues to operate, with its latest version utilizing single-use smart contracts and on-chain encryption to enhance its stealth capabilities. The malware’s command and control servers use a proxy system, making it even harder for security measures to trace the attacks.

One of the primary ways Inferno Drainer has been spreading is through phishing, leveraging a forged verification interface for the widely-used Discord bot Collab.Land. The bot’s phishing attempts include "subtle visual differences" designed to trick users into signing malicious transactions. Despite Collab.Land requiring wallet signature verification, many users, even those with experience, may fall for the scam due to the authenticity of the phishing page.

CPR warns that users should be vigilant and always verify the authenticity of the platform they are connecting their wallets to before confirming any transactions. Given the sophisticated nature of these attacks, users are advised to exercise extra caution when interacting with platforms, especially those involving wallet connections.

‍