Crypto drainers, malware designed to steal cryptocurrency, have become easier to access as the ecosystem evolves into a software-as-a-service (SaaS) business model.
In an April 22 report, crypto forensics and compliance firm AMLBot revealed that many drainer operations have transitioned to a SaaS model known as drainer-as-a-service (DaaS). According to the report, malware spreaders can rent a drainer for as little as 100 to 300 USDt (USDT).
AMLBot CEO Slava Demchuk told Cointelegraph that “previously, entering the world of cryptocurrency scams required a fair amount of technical knowledge.” That is no longer the case. Under the DaaS model, “getting started isn’t significantly more difficult than with other types of cybercrime.”
Demchuk explained that would-be drainer users join online communities to learn from experienced scammers who provide guides and tutorials. This is how many criminals involved with traditional phishing campaigns transition to the crypto drainer space.
Cybercrime in Russia — almost legal
Groups offering crypto drainers as a service are increasingly bold and some are evolving almost like traditional business models, Demchuk said, adding:
“Interestingly, some drainer groups have become so bold and professionalized that they even set up booths at industry conferences — CryptoGrab being one such example.”
When asked how a criminal operation can send representatives to information technology industry events without repercussions, such as arrests, he pointed to the state of cybercrime enforcement in Russia. “This can all be done in jurisdictions like Russia, where hacking is now essentially legalized if you’re not operating across the post-Soviet space,” he said.
The practice has been an open secret in the cybersecurity industry for many years. Cybersecurity news publication KrebsOnSecurity reported in 2021 that “virtually all ransomware strains” deactivate without causing harm if they detect Russian virtual keyboards installed.
Similarly, the information stealer Typhon Reborn v2 checks the user’s IP geolocation against a list of post-Soviet countries. According to networking firm Cisco, if it determines that it is located in one of those countries, it deactivates. The reason is simple: Russian authorities have shown that they will act if local hackers hit citizens of the post-Soviet bloc.