A report lifts the veil on “Impulse Team”, a service that industrializes the cryptocurrency scam

Cryptocurrency scams are now an integral part of social networks, like the fraudulent messages sent massively and daily to Twitter users. A report posted Tuesday, June 6 by the company specializing in IT security Trend Micro lifts the veil on a Russian-speaking player who has industrialized cryptocurrency fraud.

The scam itself is very well known: it consists of making its victim believe that he is being offered an attractive sum in bitcoins or other currencies on a platform. Once registered, however, the target of this fraud cannot withdraw the funds until they have made a deposit. The money usually goes into the pocket of the scam manager, and the victim never receives the funds they were promised.

The actor identified by Trend Micro, dubbed “Impulse Team”, has been active since at least 2021 on Russian-speaking cybercriminal discussion forums. He offers his clients to help them quickly set up and easily manage the fake cryptocurrency platforms used to trick their victims. Once he has created one or more domain names, the scammer registers with Impulse, for a fee that Trend Micro has not been able to determine. Each affiliate can thus manage their sites from a single portal, monitor the deposits made by the victims on the crypto wallets generated by “Impulse Team”, thus saving a lot of time in the management of the infrastructure dedicated to their operations.

A portal to monitor every victim deposit

This new study demonstrates the very effective division of labor that takes place in the various cybercriminal environments. From ransomware attacks to bank data theft, these sectors often operate thanks to the sale of underground services marketed by hackers or groups of hackers specialized in specific tasks: development, networks of fake accounts, sale of personal data or even intrusion into targeted computer systems.

During their investigation, Trend Micro researchers identified more than a thousand sites used for this type of cryptocurrency fraud in connection with Impulse Team. “Variations in the methods used for these recordings [de noms de domaines] allow us to estimate around thirty the number of affiliates “, that is to say Impulse Team customers, explains to the Monde Cédric Pernet, expert for Trend Micro.

However, the infrastructure of this scam manager does not include cryptocurrency laundering tools or networks used to target victims. As the report points out, each “affiliate” must then carry out their own scam campaign, for example by creating networks of fake social media accounts. During their investigation, the Trend Micro researchers thus discovered different methods according to the “affiliates”, ranging from messages sent on Twitter to advertisements on TikTok. In one case, they even discovered a fake version of Scamdoc, a site often used by Internet users to judge the reliability of a domain name and avoid scams. This false version noted as reliable sites actually designed for theft of cryptocurrencies.

It is difficult, without having access to the wallets used by Impulse and its affiliates, to quantify the sums stolen from the victims of the structure’s customers. On a Telegram chat channel, Impulse Team has been automatically broadcasting the amounts paid on each platform of this vast network since December 2022, but Trend Micro strongly suspects that these amounts have been tampered with by the operator(s), in order to attract more new cybercriminals in the program.