Cybersecurity experts have revealed an extensive phishing operation called FreeDrain, designed to steal digital assets from cryptocurrency wallets. Using search engine optimization (SEO) tactics and free web services, FreeDrain has created over 38,000 sub-domains to mislead users searching for wallet-related information. The malicious campaign targets individuals looking for legitimate wallet queries, redirecting them to phishing pages that resemble legitimate wallet interfaces. The operation is believed to be run by individuals in the Indian Standard Time zone, and its methods have been meticulously crafted to ensure unsuspecting victims easily give up their private data.
"FreeDrain uses SEO manipulation, free-tier web services ... and layered redirection techniques to target cryptocurrency wallets," security researchers stated.
"Victims search for wallet-related queries, click on high-ranking malicious results ... and are redirected to phishing pages that steal their seed phrases."
"The scale of the campaign is reflected in the fact that over 38,000 distinct FreeDrain sub-domains ... have been identified."
"The entire flow is frictionless by design, allowing unsuspecting users to easily fall prey to these phishing attacks."
Collection
[
|
...
]