New Phishing Campaign Combined with Typo-Squatting Steals Bitcoin, Blockchain Wallet Credentials

During May-June 2016, cyber-criminals utilized an amalgamation of typo-squatting and phishing techniques for running certain campaign whose purpose was to steal credentials of blockchain and Bitcoin purses.

Over hundred fake domains for blockchain and Bitcoin were created, a lot of which imitated genuine Bitcoin purses. The majority of these websites got registered dated 26th May 2016, while additional sites keep on popping up each day indicating the scheme continues within its initial phases.

The criminals responsible for running the phishing scheme relied on Web-pages that were cloned as pixel perfect related to different Bitcoin sites, emphasis on blockchain.info an extremely vital website within Bitcoin ecosystem.

Cloud-based security company Cyren of Israel found the early indications of the scam's activity during first half of June the time it noticed blocklchain[.]info proliferating via one pay-per-click ad fraud through Google AdWords. An end-user who unwittingly went to the website because of the criminals' cunning tricks, the website being an imitation of the actual site, followed with logging into it had his blockchain credentials get sent to the scammers. Threatpost.com posted this dated June 21, 2016.

Novogara a company lawfully established inside the Seychelles was the owner of the Internet Protocol address. Previously, it was called QUASINETWORKS. Even earlier than that, it boar the name Ecatel when at first it ran within the Netherlands till it reached December last.

It is when enthusiasm surrounding Bitcoin crypto-currency is flourishing that we hear of the news. During the last many months, the value of Bitcoin has been hiking; a development which numerous entities link with the flooding of ransomware. For, anytime ransomware attackers strike on victims they generally demand Bitcoin as payment to get the decryption key.

Within Web-hosting business, a description used for Novogara is "bulletproof hosting provider" meaning it does so much extra as to safeguard its clients no matter whether it knows its client is operating unlawful activities.

Also earlier, Novogara was co-related with websites harboring spam, child pornography alternatively origins of DDoS Web-traffic. During 2012, Anonymous the hacktivist syndicate carried out many distributed denial-of-service assaults on the network for harboring child porn.

» SPAMfighter News - 6/28/2016