Crazy Evil Gang Targets Crypto Using StealC, AMOS, and Angel Drainer Malware

A Russian-speaking cybercrime gang called Crazy Evil has been linked to multiple social media scams aimed at stealing identities, cryptocurrencies, and sensitive information. Operating since at least 2021, the group specializes in redirecting legitimate traffic to phishing pages, where victims unknowingly install malware like StealC, Atomic macOS Stealer (AMOS), and Angel Drainer.
Crazy Evil has reportedly generated over $5 million in illicit revenue and compromised tens of thousands of devices globally. Unlike traditional fraud schemes, it focuses on stealing digital assets such as NFTs, cryptocurrencies, payment cards, and online banking accounts. The group operates mainly on Telegram, where it recruits affiliates and provides detailed guides on executing cyber scams.
The gang uses multiple sub-teams to spread malware under the guise of legitimate platforms, impersonating job boards, AI tools, virtual meeting software, and digital asset management services. Victims are tricked into downloading malicious software from fake websites, allowing the gang to steal sensitive information.
Meanwhile, the cybersecurity landscape has seen a rise in traffic distribution systems (TDS) like TAG-124, which hackers use to distribute malware. TAG-124, linked to various ransomware groups, operates through a network of compromised WordPress sites that deliver fake Chrome updates to infect unsuspecting users. Cybercriminals are also exploiting GitHub as a platform for hosting malware, making detection more challenging.
The growing sophistication of cybercrime groups like Crazy Evil underscores the need for stronger cybersecurity measures, particularly within the cryptocurrency, gaming, and software industries.