AICoin is a market-data platform with a global user base that provides cryptocurrency practitioners with real-time market data, including price changes, trading volume, market value and other key information. It is an analysis tool commonly used by cryptocurrency investors and traders, and it has therefore become a target for impersonation by gangs that steal coins through fake apps.

Recently, Bitrace has received several reports from victims who downloaded a fake AICoin app and had their cryptocurrency stolen. This article aims to expose the method by analyzing a typical case.

Analysis of scam techniques

The victim encountered a typical combination of paid search-keyword bidding and a phishing link used to steal funds.

On January 9, 2024, the victim searched for the keyword "AIcoin" in Google Chrome and clicked on the first link displayed on the homepage (https://aicoims[.]com), which led to a counterfeit official website from which the victim downloaded the application. Shortly afterwards, the assets on every chain in the browser plug-in wallet on the victim's device were emptied, and the BSC chain alone suffered a loss of more than 160,000 US dollars.

After receiving the report, Bitrace investigators immediately ran the same keyword search in Google Chrome. The first link displayed on the homepage was indeed a fake "sponsored" link, and the link displayed varied with the network IP used for the search.

Google search results for AICoin

After following the link, we found a large gap between the style and layout of the fake website and those of the genuine AICoin website.

Comparison of the pirated (left) and genuine (right) AICoin web pages

Even so, many victims are still deceived. Based on the case information provided by the fake AICoin victims, Bitrace found that the coin-stealing gang has stolen from at least 7 different victim addresses on multiple chains, which also implies that there are more potential victims whose liquidity has been drained through other channels.

Fake AICoin is just the tip of the iceberg

In addition, after conducting network engineering analysis on the fraudulent website, we found that the fake AICoin app is just the tip of the iceberg.

The server IP of the fraudulent website aicionzh-cn.cn is 202.61.84.135, located in the Asia-Pacific region, and the server backend is built using a pagoda panel. Digging further into the server with an IP reverse analysis tool showed that, in addition to the fake AICoin, the server also hosted download pages for various other software such as fake Skype and fake Signal, and that there were as many as 26 fraudulent websites.

On any one of them, the pirated web page is almost identical to the genuine one. After the user clicks to install the app, a Trojan horse is implanted in the computer or mobile phone.

SecurityTrails resolution of IP 202.61.84.135

This shows that fraudsters are imitating the apps commonly used by cryptocurrency practitioners in order to carry out theft. They no longer limit themselves to fake wallet apps directly tied to mnemonic phrases, but have "expanded their business" to other software that practitioners rely on: fake VPN installation packages, fake market apps, fake communication apps, fake exchange apps and so on. This greatly increases the opportunities for potential victims to come into contact with fraudulent content.
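The two impersonating hosts named in this article, aicoims[.]com and aicionzh-cn.cn, differ from the brand name by only an edit or a letter swap. The following added example (not Bitrace's code) shows one way to flag such download hosts before installing anything; it assumes the genuine domain is aicoin.com, which the article does not state, and all function names are hypothetical.

```python
import re

OFFICIAL = {"aicoin.com"}  # assumption: genuine domain, not stated in the article
BRAND = "aicoin"

def osa_distance(a, b):
    """Edit distance that also counts an adjacent letter swap as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def host_of(url):
    """Refang a defanged URL ("[.]") and return its lower-case host name."""
    url = url.replace("[.]", ".").lower()
    url = re.sub(r"^[a-z][a-z0-9+.-]*://", "", url)
    return re.split(r"[/:?#]", url, maxsplit=1)[0]

def brand_distance(host, brand=BRAND):
    """Smallest distance between the brand and any brand-sized window of a label."""
    best = len(brand)
    for label in re.split(r"[.-]", host):
        for size in (len(brand) - 1, len(brand), len(brand) + 1):
            for start in range(max(1, len(label) - size + 1)):
                best = min(best, osa_distance(label[start:start + size], brand))
    return best

def classify(url, max_distance=2):
    """Return 'official', 'lookalike' or 'unrelated' for a download URL."""
    host = host_of(url)
    if host in OFFICIAL or any(host.endswith("." + d) for d in OFFICIAL):
        return "official"
    return "lookalike" if brand_distance(host) <= max_distance else "unrelated"

if __name__ == "__main__":
    # First two hosts are from the article; the others are constructed samples.
    for u in ("https://aicoims[.]com", "aicionzh-cn.cn",
              "https://www.aicoin.com/download", "https://example.org/"):
        print(f"{u:35} {classify(u)}")
```

A "lookalike" verdict means the host resembles the brand without being on the official list, so the download should be refused until the domain has been confirmed through a channel other than the search result.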

Closing remarks

It is not difficult to see that criminals have developed highly targeted strategies based on their understanding of the target group, and use rapidly iterating cryptocurrency fraud techniques to deceive users from multiple angles. Fortunately, the victim in this case reported the theft promptly, and with the cooperation of multiple security vendors the stolen funds were successfully intercepted and law enforcement officers were assisted in capturing the suspect, allowing some of the losses to be recovered.

Bitrace reminds everyone that, for cryptocurrency practitioners, mobile phones and computers are mobile treasuries. Be cautious before downloading any app and make sure to obtain it from official channels. If you unfortunately suffer a loss, please feel free to contact us and Bitrace will provide as much help as we can.