The fraudsters have flooded discords and other social media platforms with advertisements for hundreds of polish online gaming and wagging websites that entice people with free credit and eventually escape with any cryptocurrency funds deposited by the players. There is a look at social engineering strategy and notable symptoms of this huge network of more than 1,200 scam sites.
The scam begins with misleading advertisements posted on social media who claim that popular social media is working in partnership with personalities, such as Sri animalWho has recently launched a gaming business Animal gameAdvertisement always suggests that by using a supplied “promo code”, interested players can claim $ 2,500 credits on advertised gaming websites.
An advertisement posted on a discord channel for a scam gambling website that the proprietors falsely claim that the Internet personality was working in collaboration with Mr. Beast. Picture: reddit.com
Gaming sites require all users to create a free account to claim their $ 2,500 credits, which they can use to play highly polished video games in any number that ask users to bet on each action. For example, in the scam website Juaribast (.) Com, visitors can choose from dozens of sports B-ball blitzIn which you play a basketball pro, who is taking shots from a free throw line against a single rival, and you bet on your ability to sink each shot.
The financial part of this scam begins when users try to cash in any “win”. At that point, the gaming site will reject the request and motivate the user to create a “verification deposit” of cryptocurrency – usually approximately $ 100 – before distributing any money. Those who submit cryptocurrency funds are asked for additional payment soon.
https://www.youtube.com/watch?v=lnjqxiq1s5g
However, any “win” displayed by these gaming sites is a complete imagination, and the players who deposit the cryptocurrency funds will never see that money again. Reducing the problem, the possibility of the victims will soon be found with people coming from “recovery experts”, who describe suspicious claims on social media networks about being able to get lost funds in such scams.
Krebsonsecurity first learned from a discard user about this network of Phone betting sites, which was only asked to identify by their screen name: “Therelo“Is a 17 -year -old developer, who operates several discord servers and said that he began deeply digging after complaining of misleading spam messages to users that they promote sites.
“We were constantly being spared by the positions of these scams from compromise or purchased (discord) accounts,” said Theralo. “I was disappointed by just banning and removing, so I started investigating the infrastructure behind scam messages. It is not a single site, it is a scalable criminal venture with a clear playbook, technical fingers and financial infrastructure.”
After comparing the code on promoted gaming sites through spam messages, there was found that they all call on the same API key for an online chatbot that appears in limited use or custom-made. In fact, a scan for that API key on the danger stage Silent push At least 1,270 reveals the recently registered and active domains, whose names invite all types of gaming or waging themes.
The “verification deposit” phase of the scam requires the user to submit cryptocurrency to withdraw its “win”.
Theralo said that the operators of this scam empire produce a unique bitcoin wallet for each gaming domain that they deploy.
“This is a decoy wallet,” Theralo explained. “Once the victim accumulates money, they can never withdraw any money. Any attempt to contact Live support ‘is controlled by a combination of AI and human operators that eventually blocks the user. The chat system is self-hosted, making it difficult to report to third party service providers.”
TheRello discovered another feature for all these scam gambling sites (after that simply referred to as “scamming” sites): If you register on one of them and then very quickly try to register on the same internet address and device on the same internet address and device, the registration request is rejected on another site.
“I registered on one site, then stopped to re -register the other,” said there. Instead, the second site returned an error saying that a new account cannot be created for another 10 minutes.
The scam gaming site Spinora dot CC shares the same chatbot API as more than 1,200 similar fake gaming sites.
“They are tracking my VPN IP throughout their network,” Theralo explained. “My password manager also proved it. It tried to use my dummy email, the site on which I had ever visited, and the site had already explained me in existence. So it is definitely a unit that is running a single platform with 1,200+ different domain names, which is the form of different domain names as front-ends. A central pool of.
In many ways, these scary sites borrow from the playbook of “pig butcher” schemes, a large -scale and somewhere more elaborate offenses in which people are gradually whispered by online bubbly strangers in investing in fake cryptocurrency trading platforms.
The pig butcher scams are usually operated by people in Asia who have been kidnapped and threatened with physical damage or worse until they sit on the Internet throughout the day in a cubical and scam in Western people. Conversely, these scamming sites start stealing very little money from individual victims, but their cookie-nature and automatic support component can enable their operators to withdraw payment from a large number of people in a very short time, and with a significant risk and up-front investment.
Silent push Zach Edwards Said that the owners of this scary empire are spending big money to see the sites and feel like some fancy new types of casinos.
Edwards said, “This is a very strange type of pig butcher network and does not like what we usually see is with very little investment in sites and lers.”
Here is a list of all domains that were found to be silent push, which were using the chat API of the scamming network.
