Crypto Scam Deep Fakes and the return of the Russian scam factory!
I’ve previously written about the risk of deep fakes within crypto crime: https://www.linkedin.com/pulse/rise-deep-fakes-crypto-crime-tara-annison-a37xe/?trk=article-ssr-frontend-pulse_more-articles_related-content-card and one specific risk I called out was the use of deep fakes to impersonate crypto personalities, either to dupe people into investing in a scam coin or to create market-moving news that manipulates prices.
I’ve seen my fair share of fake Elons promoting scam tokens, and in February crypto security firm CertiK shared a still of a deep fake video of Vitalik promoting a wallet drainer scam.
CEO of MicroStrategy Michael Saylor also warned crypto investors at the beginning of 2024 to watch out for deep fakes involving him or his company. One such scam I came across was the classic ‘send some crypto and you’ll get double back’ type. This is referred to as a giveaway scam. The ‘event’ purported to be a livestream, with a deep faked video of Michael promoting the scam and advising users to scan the QR code and claim the opportunity. Whilst you can certainly see some odd mouth movements which often don’t match the dialogue, it’s likely to have convinced those who weren’t watching closely or who were pushed by FOMO to act quickly.
(The video I took this screenshot from has been taken down by YouTube but you can see this video for the type of edit that’s achieved: https://www.youtube.com/watch?v=TOzaA08URmg )
What’s also likely to have duped viewers is that the account which posted the video had 1.65m subscribers on YouTube! This therefore appears to be a case of ‘streamjacking’, where a legitimate YouTube account is taken over and malicious content is posted.
I visited the website the video directed viewers to, to see what intel I could get on the scam’s success, and landed on a very familiar-looking website!
Back in December 2022 I did an investigation into what turned out to be a Russian crypto scam factory which looked to have scammed users out of potentially millions worth of crypto. You can read the full investigation here:
https://www.linkedin.com/pulse/russian-giveaway-scam-factory-tara-annison
This website template was very similar to the one I repeatedly saw in the various arms of that scam factory. Sure enough, this website’s metadata also had links to Russian domains, but luckily this arm of the scam had received less than $1,000 worth of BTC and no ETH … yet.
However, this wasn’t the only time this website template jumped out at me recently … whilst reading an article on streamjacking from crypto investigatory firm Guardio I saw a visual which showed just how prolific this giveaway scam template is — likely being sold cheaply on the dark web as a DIY giveaway scam package, potentially also alongside the malware that’s often used to steal credentials in order to streamjack and maximise the reach of the website.
Guardio also connected many of these sites back to Russian origins, and specifically to Vermux, a threat actor who rose to prominence in 2022 for malicious advertising techniques which stole credentials and information from users’ devices. As with my research, Guardio found that each scam page used a new crypto address, staying online for a few days at a time before moving the funds into a consolidation account to start the cash out process. Guardio’s research found that each scam’s success varied, but some saw up to $30,000 coming in from victims. This certainly tallies with my research and puts the potential damage into the $millions across the many instances of these streamjacking and fake giveaway websites.
With text-to-video advancements like Sora, it’s more important than ever to stay vigilant for deep fake scams and to take that extra moment to pause and reflect on whether an opportunity is real or too good to be true. Plus, if you see a website with this design or similar, take note — it’s a scam!
Visit www.web6coins.com to learn more about the red flags of crypto scams.
Originally published at https://www.linkedin.com.