IOK Rules: cryptocurrency

Ethereum cryptocurrency wallet drainer - Iil1ililIl1iIl1ill1Ilii

Detects an Ethereum cryptocurrency wallet drainer that has a constant variable named Iil1ililIl1iIl1ill1Ilii.

SettingsJS Crypto Drainer d810a56

Detects a crypto drainer that has its own configuration file called settings.js.

SMU Crypto Drainer d9da4dc1

Detects a crypto drainer that hides commonly within the file named `utils.js` and has a seperate `showMess.js` file with functions used to send window alerts.

Cryptocurrency Giveaway wjUTKJ

Detects a fake cryptocurrency giveaway impersonating Elon Musk and promising to send back dobule (BTC, ETH, DOGE) that you send to the attacker's wallet. Distributed through Twitter phishing accounts.

Fake crypto mining - MiningPool

Detects a malicious DApp that pretends to be a cloud mining platform.

rusc Crypto Drainer f4180c6

Detects a crypto drainer that supports English & Russian in its logging messages. It also has its own configuration file called `import_main.js` and its main draining functionality in a file called `main.js`

finesse Crypto Drainer 9c933ae7

Detects a crypto drainer that usually appears on websites that impersonate the Discord Bots `MEE6` and `Dyno`.

Coinbase Phishing zG3nVT0g

Detects Coinbase recovery phrase scam websites. Often hosted on Glitch (https://glitch.com/).

Vitalik Buterin fake crypto giveaway cbn4xt8m

Detects a scam giveaway landing page which claims to host a large cryptocurrency event. It asks you to send coins to a wallet to have them doubled.

Ethereum Wallet Drainer (Monkey Drainer)

Detects the "Monkey Drainer" phishing script kit

Fake crypto trading - yuebaoIndex

Detects a malicious DApp that pretends to be a trading platform that offers AI bots, lending, and mining.

Fake crypto mining - ReceiveVoucher4

Detects a malicious DApp that pretends to be a liquidity mining platform while presenting fake audit reports and partners. AJAX call to receive other contents.

trkrsrvrdb Crypto Drainer 14658cf1

Detects the crypto drainer named 'trkrsrvrdb' that uses the domain `trkrsrvrdb.com` to exfiltrate it's logs called from within the drainer script

Fake crypto giveaway coin selection b791myo4

Detects a scam giveaway landing page which claims to host a large cryptocurrency event. Sometimes the scammer will pick a specific cryptocurrency to target, but in this case they decided to add a menu where the user can select a specific coin.

Fake crypto mining - ReceiveVoucher3

Detects a malicious DApp that pretends to be a liquidity mining platform while presenting fake audit reports. Older version of the fake-crypto-mining-noChrome rule.

Fake crypto mining - arbitrageProducts

Detects a malicious DApp that pretends to be a cloud mining operator and an AI arbitrage trading platform.

Asli Crypto Drainer ea8f67e

Detects a family of crypto drainers that utilises a similarly structured landing page.

Fake crypto trading - warmReminder

Detects a malicious DApp that requires injected Web3 to gain access to the fake trading and mining offers.

hardteam Crypto Drainer f42d93a4

Detects the crypto drainer named 'hardteam' that uses the domain `hardteam.site` to exfiltrate it's logs called from within the drainer script located in the file `drainer_v4.js`

ToastrJS Crypto Drainer 0d0f9db

Detects a crypto drainer.

Amazon Token Cryptocurrency Scam SHFXgk

Detects a cyptocurrency phishing kit targeting Amazon. It claims to offer an Amazon (AMZ) token pre-sale and leads to an exchange where you can swap cryptocurrencies for this fake token. This was found as a result of this kit being deployed on Replit.

Ark Investment Crypto Phishing Kit 3465f6c

Detects a crypto phishing kit using Ark Investment as proof of the giveaway being legitmate, this kit also uses people like Elon Musk to lure victims.

Fake crypto mining - noChromium

Detects a malicious DApp that force redirects when it detects the use of a Chromium based browser. Pretends to be a liquidity mining platform while presenting fake audit reports.

Fake crypto mining - DeFi_Mining

Detects a malicious DApp that pretends to be a mining platform.

Fake crypto mining - ReceiveVoucher2

Detects a malicious DApp that requires a mobile browser UA and offers fake liquidity mining while presenting fake audit reports.

Fake crypto mining - ReceiveVoucher

Detects a malicious DApp that pretends to be a cloud mining platform while presenting fake audit reports.

Solana cryptocurrency wallet drainer - tokenup

Detects a Solana cryptocurrency wallet drainer that fakes the number of minted NFTs to initiate Fear of Missing Out (FOMO) against the victim.

Elon Musk fake crypto giveaway xfve5qjx

Detects a scam giveaway landing page which claims to host a large cryptocurrency event. It asks you to send coins to a wallet to have them doubled.

Fake crypto mining - inviteRequired

Detects a malicious DApp that requires injected Web3 and invitation code to gain access to the fake mining offer.

crew3 Crypto Drainer 0827f6e1

Detects the crypto drainer created by a Chinese threat actor that is hidden within the file named `main.69e3e80e.js` commonly hosted on a subdomain with the apex domain being either `server-crew3.xyz` or `web3-crew3.xyz`

FauxMoralis Crypto Drainer 6a3cac21

Sites that contact this domain are websites that will drain a user's crypto wallet using a piece of javascript code known as a 'crypto drainer'. Due to this domain imitating the real Moralis API it has been named FauxMoralis to reflect this.

OpenSea Phishing 389-9bec97c22fa2e411

Detects OpenSea wallet drainers - mystery box scam. Often hosted on Vercel (https://vercel.com/).