chat
expand_more

BTC Era Impersonated in Malware Attack

As bitcoin and other cryptocurrencies become increasingly popular, attackers are taking advantage. This attack leverages bitcoin to fool early adopters of cryptocurrency with BTC Era into paying for what they believe is an investment, but is really a guise...
August 24, 2020

As bitcoin and other cryptocurrencies become increasingly popular, attackers are taking advantage. This attack leverages bitcoin to fool early adopters of cryptocurrency with BTC Era into paying for what they believe is an investment, but is really a guise to install malware on recipients' devices.

Summary of Attack Target

  • Platform: Office 365
  • Email Security Bypassed: Office 365
  • Payload: Malicious Link
  • Technique: Brand Impersonation

Overview of the BTC Era Impersonation Malware Attack

The attack impersonates an automated email from BTC Era, a platform for trading cryptocurrency. However, the email is actually sent from aurinekevinlola@gmail.com. The sender addresses the recipient by name, and the email states that the recipient has been approved to make a BTC transaction, which requires a minimum deposit of $250 to start. Following this is a concealed URL with text that reads “create an account”.


Clicking on the “create an account” link leads to multiple redirects, before landing on “theverifycheck.com” webpage. Upon arriving at this landing page, a pop-up alert requests permission to show notifications from the website. After clicking “Allow” the landing page remains static.

By clicking “Allow”, the user has actually given permission for Adware to run on their device. It only appears that nothing has happened. Going into chrome settings, the user would be able to see that the website is running Malwarebytes, thus rendering their devices as tools to monitor user behavior, as well as launch ads and spam targeting the user.

Why the BTC Era Impersonation Malware Attack is Effective

The attack impersonates an email from BTC Era, where anyone can trade on the platform. This is an effective method to install malware if overlooked by the recipient. The URL is hosted through Constant Contact, an email marketing provider, although the email body implies the link leads to an account setup page through BTC Era. By concealing the URL, the recipient is likely to click on it and see what follows.

Furthermore, utilizing bulk email services is an easy way to deliver a widespread attack to multiple recipients at the same time. It takes less effort than spoofing emails and is more effective in casting a wide net to catch unsuspecting recipients.

Abnormal can catch this attack due to the unusual sender, the redirect links detected, and the clear name impersonation. Combined with the fact that the email contains texts and spaces at a size zero—common among email attackers–we can determine that this email is malicious.

Learn more about how Abnormal classifies malicious emails by seeing a demo today.

BTC Era Impersonated in Malware Attack

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B 07 22 24 MKT624 Images for Paris Olympics Blog
Threat actors are targeting French businesses ahead of the Paris 2024 Olympics. Learn how they're capitalizing on the event and how to protect your organization.
Read More
B Cross Platform ATO
Cross-platform account takeover is an attack where one compromised account is used to access other accounts. Learn about four real-world examples: compromised email passwords, hijacked GitHub accounts, stolen AWS credentials, and leaked Slack logins.
Read More
B Why MFA Alone Will No Longer Suffice
Explore why account takeover attacks pose a major threat to enterprises and why multi-factor authentication (MFA) alone isn't enough to prevent them.
Read More
B NLP
Learn how Abnormal uses natural language processing or NLP to protect organizations from phishing, account takeovers, and more.
Read More
B DK Compromise 7 11 24
Discover the top five ways hackers compromise accounts, from exploiting leaked API credentials to SIM swapping partnerships, and more. Learn how these techniques enable account takeover (ATO) and pose risks to enterprises.
Read More
B Sans Recap 7 11 24
Discover trends among modern SOC teams, including misaligned budgets, increased automation, unsatisfactory AI tools, staffing issues, and more.
Read More