Interest in crypto-stealing drainers surges

Date: 2025-01-22

Dark web threads discussing crypto-drainers – malware designed to swiftly drain cryptocurrency wallets – saw a significant rise in 2024, as revealed by the latest Kaspersky Security Bulletin.

Kaspersky also reported a 40% spike in corporate database ads on a prominent dark web forum, highlighting cybercriminals’ growing focus on data breaches.

Additional trends include a shift of cybercriminals from Telegram back to forums, the proliferation of stealers and drainers via Malware-as-a-Service, a rise in various types of cyberthreats targeting the Middle East, and more.

A surge in interest for crypto-drainers

In 2024, Kaspersky Digital Footprint Intelligence experts saw a notable surge of interest in crypto-drainers across dark web markets. A drainer is a type of malware that emerged around three years ago and is designed to trick its victims into authorising fraudulent transactions to steal funds from their wallets.

Common methods include fake airdrops, phishing sites, malicious browser extensions, deceptive ads, malicious smart contracts, and fake NFT marketplaces.

The number of dark web threads discussing drainers increased by 135%, from just 55 in 2022 to 129 in 2024. In these threads, cybercriminals discuss various topics, ranging from buying and selling this type of malicious software to assembling teams for distribution, and beyond.

“In light of this trend, the interest of cybercriminals in crypto-drainers and related attacks is likely to grow further in 2025,” says Alexander Zabrovsky, a security expert at Kaspersky Digital Footprint Intelligence. “This means crypto enthusiasts need to be more vigilant than ever, adopting robust crypto security measures.

“Meanwhile, companies should focus on educating their customers and employees while actively monitoring their online presence to reduce the risk of successful attacks. Drainers often employ social engineering tactics to ultimately steal funds. They may be exploiting well-known wallet and exchange brands to lure victims into revealing their wallet information or making fraudulent transactions.

“Regularly searching for brand mentions on search engines, social media, and marketplaces is essential. If any phishing or fraudulent sites are identified, they can be taken down promptly, preventing potential victims from falling prey to these scams. Utilising dedicated tools can greatly enhance this monitoring process.”

The rise in advertisements for alleged data breaches

Other threats expected to gain momentum in 2025 include data breaches and leaks. Kaspersky researchers have observed a rise in corporate database advertisements on one of the popular shadow forums.

Specifically, the number of posts buying and selling databases increased by 40% between August and November 2024, compared to the same period the previous year.

While some of this growth may partially stem from reposting of older leaks, cybercriminals are clearly interested in distributing leaked data – whether new or old.

“Not every advertisement of a data breach on the dark web stems from a genuine incident. Some ‘offers’ may simply be well-marketed materials. For example, certain databases might combine publicly available information or previously leaked data, presenting it as breaking news. By making such claims, cybercriminals can generate publicity, create buzz, and tarnish the reputation of the targeted company simply by announcing a data breach. This underscores the growing importance of monitoring corporate mentions and assets on the dark market, allowing for proactive defense and immediate response,” says Zabrovsky.

Given the rising trend of supply chain and similar attacks, 2025 is anticipated to witness an increase in data breaches overall, particularly those stemming from attacks on major companies’ contractors.

Other emerging trends on the dark web market in 2025 include: