Fake crypto mining - ReceiveVoucher2

Detects a malicious DApp that requires a mobile browser UA and offers fake liquidity mining while presenting fake audit reports.

References

IOK Rule (edit)

title: Fake crypto mining - ReceiveVoucher2

description: |
    Detects a malicious DApp that requires a mobile browser UA
    and offers fake liquidity mining while presenting fake audit reports.

references:
    - https://urlscan.io/result/c98381dc-03b8-4ffe-916e-3f67144ce40e/
    - https://urlscan.io/result/e764274a-defa-4bb3-94ac-23602bde109e/
    - https://urlscan.io/result/fccfeee7-0012-4b0c-a230-89298f6dde0e/
    - https://urlscan.io/result/2662d904-e748-4e9b-b541-5c060258df59/
    - https://urlscan.io/result/20516e77-a31c-45ce-b8d3-0d82e98cfb31/
    - https://urlscan.io/result/4e672f95-9fb7-41bb-b50e-fef9fac5ef4b/

detection:

    identifier1:
      js|contains|all:
        - 'Remind'
        - 'Please visit in the wallet'
        - 'You are currently visiting a decentralized website'
        - 'Receive voucher'
        - 'Join the node and start'
        - 'the first login reward'
        - 'Mining Pool'
        - 'liquidity mining income'

    identifier2:
      html|contains|all:
        - "Remind"
        - "visit in the wallet"
        - "You are currently visiting a decentralized website"

    condition: identifier1 or identifier2

tags:
  - cryptocurrency