A cybersecurity researcher has exposed the workings of a fraudulent group called. crypto lab Since April 2018, it has made an estimated €480 million illegally by targeting individual French-speaking users in France, Belgium and Luxembourg.
The syndicate’s large-scale phony investment scheme primarily involves impersonating 40 well-known banks, fintechs, wealth management firms, and cryptocurrency platforms, with a fraudulent infrastructure spanning over 350 domains hosted on over 80 servers. Group-IB detailed that set-up is included. – Dive report.
The Singapore-based company describes the criminal organization as “run by a hierarchical structure of key players, distributors, developers and call center operators”, who promise high financial returns and high potential. recruited to trap victims.
“CryptoLabs employs French-speaking callers as ‘managers’ to make their fraud schemes better through location-focused tactics such as creating fake landing pages, social media ads, documents, and investment platforms in French. We made it convincing,” said deputy director Anton Ushakov. said head of high-tech criminal investigations at Group IB in Amsterdam.
“They have even masqueraded as the controlling French company in order to resonate with their target audience and successfully exploit them.”
All by luring targets through advertisements on social media, search engines and forums dedicated to online investment, posing as the “investment arm” of a disguised organization, offering attractive investment plans and giving away contact details. starts with.
In the next stage, a call center operator will contact you and provide additional details about the credentials required to trade with the fake platform.
“After logging in, the victim deposits funds in a virtual balance,” Ushakov said. “After that, they were shown a fictitious performance chart and began making additional investments in search of better returns, but eventually found that they could not withdraw their funds even after paying the ‘release fee’. increase.”
The initial deposit is around €200-300, but this scam tricks the victims into depositing more money by giving the illusion of good investment results.
Group-IB, which first revealed its large-scale fraud-as-a-service activity in December 2022, said the first signs of the group’s activity dated back to 2015, when it was found conducting various experiments. rice field. landing page. After two months of preparation, CryptosLabs’ investment fraud effort will begin in earnest around June 2018.
A key selling point of this campaign was to allow threat actors to execute, manage, and scale their activities at various stages, from malicious ads on social media to website templates used to pull off successful heists. It’s the use of custom cheat kits to make it happen. .
Also part of the kit are auxiliary tools for building landing pages, a customer relationship management (CRM) service that allows new managers to be added to each domain, used by fraudsters to register new customers on the trading platform. A possible lead control panel is also included. , and a VoIP utility for communicating with the victim in real time.
“Our analysis of CryptosLabs makes it clear that this threat group has given its operations a well-established structure in terms of operations and personnel, and is likely to expand the scope and scale of its illicit business over the next few years. ” said Ushakov.
