
A sophisticated Russian-speaking cybercrime organization known as “Crazy Evil” has been identified as the perpetrator behind multiple social media scams targeting cryptocurrency and personal information. The group, active since 2021, specializes in identity fraud, cryptocurrency theft, and the distribution of information-stealing malware.
Key Operations:
– Utilizes a network of “traffers” to redirect legitimate traffic to malicious sites
– Deploys various malware including StealC, AMOS, and Angel Drainer
– Targets both Windows and macOS users
– Generated over $5 million in illicit revenue
Organizational Structure:
The group operates through Telegram (@CrazyEvilCorp), where it has over 4,800 subscribers, and is allegedly run by @AbrahamCrazyEvil. It comprises six specialized sub-teams:
1. AVLAND: Job offer and investment scams
2. TYPED: AI software impersonation
3. DELAND: Community platform schemes
4. ZOOMLAND: Communication app impersonation
5. DEFI: Digital asset management fraud
6. KEVLAND: AI meeting software scams
Attack Methodology:
– Conducts extensive reconnaissance before targeting victims
– Creates sophisticated phishing campaigns
– Uses legitimate-looking websites to distribute malware
– Focuses on stealing NFTs, cryptocurrencies, and banking credentials
The group’s success has made it a model for other cybercriminal organizations, particularly following the exit of competing groups Markopolo and CryptoLove. Security experts warn that Crazy Evil’s methods may inspire similar operations, which calls for increased vigilance in the cryptocurrency, gaming, and software sectors.