BTC Era Impersonated in Malware Attack

As bitcoin and other cryptocurrencies become increasingly popular, attackers are taking advantage. This attack leverages bitcoin to fool early adopters of cryptocurrency with BTC Era into paying for what they believe is an investment, but is really a guise...
Author abnormal security
Abnormal Security
August 24, 2020

As bitcoin and other cryptocurrencies become increasingly popular, attackers are taking advantage. This attack leverages bitcoin to fool early adopters of cryptocurrency with BTC Era into paying for what they believe is an investment, but is really a guise to install malware on recipients' devices.

Summary of Attack Target

  • Platform: Office 365
  • Email Security Bypassed: Office 365
  • Payload: Malicious Link
  • Technique: Brand Impersonation

Overview of the BTC Era Impersonation Malware Attack

The attack impersonates an automated email from BTC Era, a platform for trading cryptocurrency. However, the email is actually sent from aurinekevinlola@gmail.com. The sender addresses the recipient by name, and the email states that the recipient has been approved to make a BTC transaction, which requires a minimum deposit of $250 to start. Following this is a concealed URL with text that reads “create an account”.


Clicking on the “create an account” link leads to multiple redirects, before landing on “theverifycheck.com” webpage. Upon arriving at this landing page, a pop-up alert requests permission to show notifications from the website. After clicking “Allow” the landing page remains static.

By clicking “Allow”, the user has actually given permission for Adware to run on their device. It only appears that nothing has happened. Going into chrome settings, the user would be able to see that the website is running Malwarebytes, thus rendering their devices as tools to monitor user behavior, as well as launch ads and spam targeting the user.

Why the BTC Era Impersonation Malware Attack is Effective

The attack impersonates an email from BTC Era, where anyone can trade on the platform. This is an effective method to install malware if overlooked by the recipient. The URL is hosted through Constant Contact, an email marketing provider, although the email body implies the link leads to an account setup page through BTC Era. By concealing the URL, the recipient is likely to click on it and see what follows.

Furthermore, utilizing bulk email services is an easy way to deliver a widespread attack to multiple recipients at the same time. It takes less effort than spoofing emails and is more effective in casting a wide net to catch unsuspecting recipients.

Abnormal can catch this attack due to the unusual sender, the redirect links detected, and the clear name impersonation. Combined with the fact that the email contains texts and spaces at a size zero—common among email attackers–we can determine that this email is malicious.

Learn more about how Abnormal classifies malicious emails by seeing a demo today.

BTC Era Impersonated in Malware Attack

See Abnormal in Action

Schedule a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

See a Demo
 
Integrates Insights Reporting 09 08 22

Related Posts

BC 5 31 23 Vendor Risks
Vendor Email Compromise
An Overview of Vendor Risks: Tips for Vendor Procurement and Security Assessments
Learn the biggest risks associated with your vendor relationships and how to protect your organization from Vendor Email Compromise (VEC) attacks.
Read More
B 5 30 23 Teams
Product
Teams Spirit: How Abnormal Protects Microsoft Teams From Advanced Threats
See how Abnormal's advanced security solutions protect Microsoft Teams workspace from malicious attacks and account takeovers.
Read More
Zoom BC
Product
Zooming In: How Abnormal Protects Zoom from Advanced Threats
Discover how Abnormal protects your Zoom messages and prevents attackers from using the application to breach your business.
Read More
B 5 22 23 SOC
Product
Three Ways Abnormal Streamlines Email Security and SOC Operations
Discover how Abnormal simplifies detection, enhances investigation, and automates remediation, increasing threat investigation efficacy at the SOC level.
Read More
B Phishing
Credential Phishing
What to Do After Receiving a Phishing Attack
Knowing what to do after receiving a phishing attack is essential for preventing costly consequences. Learn how to respond to Phishing attacks.
Read More
B 5 15 23 Israel BEC
Attack StoriesBusiness Email Compromise
Israel-Based Threat Group Launches Multi-Phase BEC Attacks Using an M&A Lure
Abnormal research into an advanced Israel-based threat group puts a spotlight on the continuing rise of BEC attacks.
Read More