Tomcat
Last week, specialists from the MyCrypto platform stumbled upon a suspicious site that converted bitcoin addresses to QR codes.
Although there are many such services out there, researchers quickly realized that the site was malicious. So, instead of converting the entered bitcoin address into its QR code equivalent, the site always generates the same QR code for the fraudster's wallet. That is, if a user shares such a QR code with another person or places it on his website to collect donations, all the money will eventually be transferred to the address of the criminal.
Soon, researchers were able to identify eight more similar sites with the same interface. This suggests that all resources were created by the same scammer. Fake QR code generators are found at:
• bitcoin-barcode-generator.com;
• bitcoinaddresstoqrcode.com;
• bitcoins-qr-code.com;
• btc-to-qr.com;
• create-bitcoin-qr-code.com;
• free-bitcoin-qr-codes.com;
• freebitcoinqrcodes.com;
• qr-code-bitcoin.com;
• qrcodebtc.com.
These nine sites generate QR codes for five different Bitcoin addresses. According to MyCrypto specialists, more than 7 BTC (45,000 at the current exchange rate) have already been transferred to these wallets. And, most likely, these were the funds of deceived users.
Using PassiveTotal, a threat analysis platform from RiskIQ, the researchers were able to trace malicious sites to three web servers. Also with the help of PassiveTotal, it was possible to understand that these servers host more than 450 other sites, all with suspicious domains containing keywords such as "Gmail", "coronavirus" and various brands, mainly related to cryptocurrency.
- 244.100.245 ( list of hosted domains );
- 244.100.241 ( list of hosted domains );
- 244.100.244 ( list of hosted domains ).
Also, the so-called bitcoin transaction accelerators are hosted on web servers. Sites of this kind ask users to enter a transaction ID and promise to "speed up" the approval process on the blockchain. These are the resources:
- bitcoin-transaction-accelerator.com;
- transaction-accelerator.com;
- bitcoin-tx-transaction-accelerator.com;
- viabtc-transaction-accelerator.com.
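The substitution described above can be caught before a generated QR code is shared, by scanning it and comparing the decoded text with the address that was entered. The following is an added example, not part of the original post: it assumes the QR image has already been decoded to a string by any scanner, the function names are hypothetical, and the two addresses are well-known public example addresses used as constructed sample data.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def base58check_ok(addr):
    """True if addr decodes to 25 bytes with a valid double-SHA256 checksum."""
    num = 0
    for ch in addr:
        if ch not in B58:
            return False
        num = num * 58 + B58.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a 0x00 byte
    raw = b"\x00" * zeros + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return digest[:4] == raw[-4:]

def address_in_payload(payload):
    """Address carried by a decoded QR string: bare address or BIP21 URI."""
    text = payload.strip()
    if text[:8].lower() == "bitcoin:":      # URI scheme is case-insensitive
        text = text[8:].split("?", 1)[0]    # drop ?amount=...&label=...
    return text

def normalise(addr):
    # bech32 (bc1...) is case-insensitive and often upper-cased in QR codes;
    # Base58 addresses are case-sensitive and must be compared exactly.
    return addr.lower() if addr[:3].lower() == "bc1" else addr

def check_generated_qr(entered, decoded_payload):
    """Return 'match', 'substituted' or 'malformed' for a generator's output."""
    found = address_in_payload(decoded_payload)
    if normalise(found) == normalise(entered):
        return "match"
    # Simplification: bc1... is accepted by prefix, its checksum is not verified.
    if found[:3].lower() == "bc1" or base58check_ok(found):
        return "substituted"  # a well-formed address, but not the one entered
    return "malformed"

# Constructed sample data: two well-known public example addresses.
ENTERED = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
OTHER = "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"

if __name__ == "__main__":
    for payload in (ENTERED, "bitcoin:" + ENTERED + "?amount=0.01",
                    "BITCOIN:" + OTHER, "not-an-address"):
        print(payload, "->", check_generated_qr(ENTERED, payload))
```

A result of `substituted` is the case from the post: the code scans cleanly and pays a valid wallet, just not the one that was typed in.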