The Russian-speaking cybercrime syndicate known as Crazy Evil has orchestrated over ten sophisticated social media scams, deceiving victims into downloading malicious software such as Stealc, AMOS, and Angel Drainer. Since its emergence in 2021, Crazy Evil has become a formidable force in the cybercriminal world, employing tactics like phishing, identity theft, and malware to pilfer cryptocurrency.

Organizational Structure and Operations

Security researchers have identified six subgroups within Crazy Evil, named AVLAND, TYPED, DELAND, ZOOMLAND, DEFI, and KEVLAND. Each team targets specific victim profiles with tailored scams. The group is led by a threat actor known on Telegram as "Abraham" (@AbrahamCrazyEvil).

Malware Arsenal

Crazy Evil's toolkit includes various malware strains, notably the Stealc and AMOS infostealers, which between them cover both Windows and macOS platforms. The group has been linked to over ten active scams, such as Voxium and Rocket Galaxy, each using customized lures to ensnare victims.

  • Targeting Cryptocurrency Users: The group specifically preys on cryptocurrency users and influencers with spearphishing tactics.
  • Traffer Team: Crazy Evil operates as a "traffer team," redirecting legitimate traffic to malicious sites.

Financial Impact and Recruitment

Crazy Evil targets high-value victims, referred to as "mammoths," to steal digital assets like cryptocurrencies, payment cards, online banking credentials, and NFTs. Since 2021, the group has accumulated over $5 million through phishing scams, with individual victim losses ranging from $0.10 to more than $100,000.

Affiliate Network

The group actively recruits affiliates, requiring proficiency in deploying fully undetectable (FUD) infostealers for Windows and macOS, and manipulating hardware cryptocurrency wallets through techniques like address poisoning. Experience with Ledger and Trezor devices is essential, alongside expertise in setting up phishing landing pages.

  • Training and Mentorship: Crazy Evil provides training materials and assigns new recruits to experienced mentors, known as "curators," to ensure a well-trained network.

Persistent Threat and Internal Challenges

Crazy Evil focuses on the Web3 and decentralized finance sectors, maintaining a strong presence on dark web forums and collaborating with other cybercrime groups and malware developers. However, like many cybercriminal organizations, its greatest vulnerability lies in internal discord.

As the group expands, the risk of exit scams and splintering increases, a common downfall for such entities. The report highlights that internal strife poses a significant threat to the continuity of operations for groups like Crazy Evil.
