The crypto malware Inferno Drainer is still running despite its public shutdown. It has been used over the past six months to steal more than $9 million from crypto wallets.
According to research by cybersecurity firm Check Point Research (CPR), more than 30,000 crypto wallets have fallen victim to a revived malware campaign, even though its developers claim to have stopped operations in November 2023.
Dive deep into Inferno Drainer Reloaded: fully revealing mismatch phishing attacks via malicious smart contract tracing, decrypting drainer configurations, and fake Collabland Bots. Over 30,000 new victims in just six months. https://t.co/xgcg9aamru
– Check Point Research (@_cpresearch_) on May 7, 2025
A CPR spokesman told Decrypt that the figure is based on “data obtained from reverse engineering the drainer’s JavaScript code, decrypting configurations received from the C&C server and analyzing activity on the chain.” Most of the observed activity was on Ethereum and Binance Chain, they added.
CPR analysts reported that the Inferno Drainer smart contracts rolled out in 2023 remain active to this day, but the current version of the malware appears to have been improved over previous iterations.
The malware is reportedly able to use single-use smart contracts and on-chain encrypted configurations, making attacks much more difficult to detect and prevent. Additionally, command-and-control server communications are obfuscated through proxy-based systems, which makes tracking even more difficult.
The revival of Inferno Drainer comes alongside a phishing campaign targeting Discord users. According to CPR analysts, the campaign leveraged social engineering techniques to redirect users from legitimate Web3 project websites to a counterfeit site mimicking the validation UX of the popular Discord bot Collab.land. The fake Collab.land site hosted the cryptocurrency drainer, which led victims to sign malicious transactions that gave the attacker access to their funds.
By combining “targeted deceptions and effective social engineering tactics,” the malware campaign has produced “stable financial flows identified through blockchain transaction analysis,” CPR analysts said.
Crypto users are advised to take special care whenever they interact with unfamiliar platforms. The fake Collab.land bots identified by CPR show only “subtle visual differences” from the legitimate bot, and the cybercriminals behind the deception are likely to “continue to refine their imitation,” the researchers said.
The legitimate Collab.land service stated that if a fake bot appears, “even experienced cryptocurrency users could lower their guard.”
The revival of Inferno Drainer is just one of many malware campaigns in recent months. Hackers are using increasingly sophisticated techniques to deliver crypto-stealing malware, including hacked mailing lists, open source Python libraries, and even Trojans preloaded on counterfeit Android phones.