Crazy Evil group infects crypto influencers with infostealer malware

February 19, 2025

A new social engineering campaign conducted by the alleged Russian threat group dubbed Crazy Evil redirects targets to malicious landing pages to infect them with infostealers.

Since 2021, this cybercriminal organisation has been actively using cryptocurrencies, NFTs, smart contracts, and other Web3 technologies to conduct nefarious social media activities.

This newly discovered campaign includes multiple cybercriminal activities, such as data theft, identity fraud, and the dissemination of information stealers.

The Crazy Evil cybercriminal gang has multiple ongoing social media frauds.

According to investigations, the Crazy Evil group runs at least ten social media frauds, usually targeting high-value victims like IT, gaming, and cryptocurrency influencers.

The researchers discovered that the gang used a sophisticated malware toolset, including advanced tools like Stealc and Atomic macOS Stealer (AMOS), so it could target both Windows and macOS.

Further research also claimed that Crazy Evil is a cybercrime organisation with six subteams. These confirmed teams are AVLAND, TYPED, DELAND, ZOOMLAND, DEFI, and KEVLAND.

Each subgroup monitors its own phishing pages, which are tied to various scams designed to infect devices with malware. The malicious entity has been active since 2021 and is still present on low-tier dark web forums.

The organisation also has a massive following, acquiring over 3,000 followers on its public Telegram channel.

Although well known for various campaigns, Crazy Evil is particularly interested in NFT heists. It has also been observed taking advantage of other cryptocurrencies, payment cards, gaming accounts with assets that can be auctioned, online banking accounts, and other financial targets.

The gang’s activities have most likely increased over the last three months because of a series of exit frauds by other similar crypto scammers and traffer teams. However, the gang continues to recruit new affiliates, who are encouraged to send comprehensive applications to them using a Telegram bot, which grants them access to subsequent apps and private channels.

The group uses two public Telegram channels to share information and connect with the public. It also uses two private Telegram channels to manage its scam activities and one private Telegram discussion group for its traders.
