Detects a crypto drainer that supports English & Russian in its logging messages.
It also has its own configuration file called `import_main.js` and its main draining functionality in a file called `main.js`.
Detects the crypto drainer created by a Chinese threat actor that is hidden within the file named `main.69e3e80e.js` commonly hosted on a subdomain with the apex domain being either `server-crew3.xyz`
Detects a cryptocurrency phishing kit targeting Amazon. It claims to offer an Amazon (AMZ) token pre-sale and leads to an exchange where you can swap cryptocurrencies for this fake token.
This was found as a result of this kit being deployed on Replit.
Detects a scam giveaway landing page which claims to host a large cryptocurrency event.
Sometimes the scammer will pick a specific cryptocurrency to target, but in this case they decided to add a menu where the user can select a specific coin.