Kaspersky research identified a significant increase in discussions on the dark web regarding crypto drainers, a form of malware, with the number of associated threads increasing by 135% between 2022 and 2024.
According to Kaspersky’s findings, crypto drainers are designed to execute fraudulent transactions to steal digital currency. The methods used by these drainers include fake airdrops, phishing websites, malicious browser extensions, deceptive ads, malicious smart contracts, and counterfeit NFT marketplaces.
The rise of discussions on the dark web is a striking indication of cybercriminals’ growing interest in deploying such malware. “In light of this trend, cybercriminals’ interest in crypto drainers and related attacks is expected to grow further in 2025,” said Alexander Zabrovsky, security expert at Kaspersky Digital Footprint Intelligence. He continued: “This means crypto enthusiasts need to be more vigilant than ever, adopting robust crypto security measures. During this time, businesses should focus on educating their customers and employees while actively monitoring their online presence to reduce the risk of successful attacks.”
Zabrovsky also noted that cybercriminals’ adoption of social engineering tactics often involves exploiting well-known wallet and exchange brands to trick victims into providing wallet information or authorizing fraudulent transactions. He said: “It is essential to regularly search for brand mentions across search engines, social media and marketplaces. If phishing or fraudulent sites are identified, they can be removed quickly, preventing potential victims from falling prey to these scams. can greatly improve this monitoring process.
In addition to the increase in cryptocurrency drainer activity, Kaspersky reported a 40% increase in advertising of corporate databases on dark web forums. These observations reveal a broader trend, with cybercriminals showing increasing interest in data breaches and leaks. Kaspersky experts suggest that while some of these ads may be for older leaks, the focus is clearly on distributing new and old leaked data.
“Not every announcement of a data breach on the dark web comes from a real incident,” Zabrovsky warned. “Some ‘deals’ may simply be well-marketed materials. For example, some databases may combine publicly available information or previously leaked data, presenting it as breaking news. By making such claims, cybercriminals can generate publicity, create buzz and tarnish the reputation of the targeted company simply by announcing a data breach. This highlights the growing importance of monitoring the company’s mentions and assets in the black market, allowing proactive defense and immediate response.”
The study also indicates a shift in the cybercrime landscape, with activity returning from platforms like Telegram to forums, increased law enforcement actions, and increased interest in malware as a service. This change could lead to the creation of smaller, harder-to-detect ransomware groups, potentially expanding the market for data stolen from ghost forums.
Kaspersky experts also warn of an escalation of threats in the Middle East, where hacktivism could continue to grow due to ongoing geopolitical tensions. Ransomware attacks are expected to increase in the region, as evidenced by the increase in victims from 28 per half-year in 2022-2023 to 45 in the first half of 2024.
To combat these threats, individuals are advised to use comprehensive security solutions, while businesses should actively monitor the dark web for signs of threats to their business assets. Kaspersky Digital Footprint Intelligence has designed a playbook to help organizations respond to dark web activities involving their entity.