Crypto Scams in India

Executive Summary

Crypto Scams in India are growing at a rapid rate.

At the end of December 2023, Financial Intelligence Unit India (FIU IND) issued show cause notices to nine offshore Virtual Digital Assets Service Providers – Binance, Kucoin, Huobi, Kraken, Gate.io, Bittrex, Bitstamp, MEXC Global and Bitfinex. 

Also, it wrote to the Ministry of Electronics and Information Technology to block the URLs of the nine entities operating illegally.

Since then, Shreshta Threat Intelligence team has detected a huge uptick in crypto scams in India such as phishing attacks and fake Android APKs luring citizens of India interested in investment schemes and cryptocurrency.

Many deceptive phishing websites that lure users into fraudulent investment and cryptocurrency schemes are springing up at a rapid rate. These scam websites employ tactics such as initially prompting the user’s email and name without proper validation. Subsequently, it prompts users to send bitcoins to a specified address in order to start the investment schemes.

Motive

The motive of threat actors is to exploit users by tricking them into sharing Personally Identifiable Information (PII) such as name, address, contact number and sensitive details such as bank details.

Crypto Scams in India – Phishing website impersonate WazirX

Figure 1 – Screenshot of phishing website impersonating Wazirx website

Figure 2 – Registering on the WazirX website for trading bitcoin with randomly entered data is successful without undergoing validation

Figure 3 – After registration, the user is presented with a Dashboard

Figure 4 – The page prompts the user to input payment details into the trading account

Figure 5 – Crediting money for the trading account

Figure 6 – Even though wrong information is fed, the process continues, indicating that this is scam, and prompts user to input their PII

Figure 7 – Screenshot of a phishing platform attempting to deceive users into engaging in cryptocurrency trading by connecting a wallet. However, the provided link redirects to a seemingly legitimate website for downloading wallets and linking them. 

FlashBTC phishing website distributing malware Android APK

Figure  7 – Screenshot of the Flash BTC phishing website 

Figure 8 – After downloading a demo, the zip file which gets downloaded contains malicious  content.

Figure 9 – When we buy, it navigates the user to BTC activation plans

Figure 10 – After buying any plan, it asks to make a transaction either via QR code or the link provided

Figure  11 -Then the proof of payment need to be sent on telegram

Figure 12 – Screenshot of the phishing website pretending to be Binance – Cryptocurrency Exchange company

Figure 13 – The website prompts the user to invest using their Investment plans

Figure 14 – After clicking on particular plan it prompts the user to enter their email address and name and pay the amount respective to that plan

Figure 15 – The website then prompts the user to send the bitcoin amount to the specified bitcoin address

Binance phishing website

Figure 16 – Screenshot of the phishing website that prompts user to transact bitcoins

Figure 17- When we try to register, the registration is not being taken into account

Figure 18 – Screenshot of Korean phishing website prompts user to join membership for cryptocurrency exchange

Figure 19 – Screenshot to fill the details to join the membership 

Figure 20 – Screenshot of a page that appears after filling incorrect data, meaning it’s a phishing attempt, this page prompts user to provide their sensitive details like bank account number, bank name and contact number and prompts user to trade using cryptocurrency

Figure 21 – Screenshot of Phishing Binance Trading website that prompts user to trade using cryptocurrency

Figure 22 – The above screenshot appears when we register for Binance trading

Figure 23 – The phishing page displays a Dashboard even though the user registration hasn’t been validated

Figure 24 – It page prompts the user to choose/buy a plan for trading

Figure  25 – Even with incorrect inputs, the page accepts and progresses

Figure 26 – Despite the inaccurate details, the page displays an amount already sent, prompting the user to enter their bank details

Safety Recommendations

1. Users should be wary of any website or an application which promises out of the world returns.
2. If you become a victim of cybercrime, particularly financial crime, call the national (India) cybercrime helpline 1930 or file a complaint at https://cybercrime.gov.in/ 

Conclusion

Crypto scams in India that we have detected and analysed have comprised of phishing websites and fake Android APKs. Users should be wary of any website or an application which promises out of the world returns.

Free 30-day trial of our threat intelligence

Threat actors constantly optimise and evolve their attacks to steal credentials and data and infiltrate networks. Our threat intelligence feeds are highly actionable and curated to protect against phishing, malware, C2 and newly registered domain names.

Interested? Please send us an email to info@shreshtait.com for a free 30-day trial.

Recommended reading

A few other threat intelligence blog posts that you might be interested in,

Swapneel Patnekar

Website | + posts

• Swapneel Patnekar

  https://shreshtait.com/blog/author/pswapneel/

  ShadowFindr – Uncover domain shadowing attacks
• Swapneel Patnekar

  https://shreshtait.com/blog/author/pswapneel/

  Domain shadowing
• Swapneel Patnekar

  https://shreshtait.com/blog/author/pswapneel/

  Web shell – A primer
• Swapneel Patnekar

  https://shreshtait.com/blog/author/pswapneel/

  DNS KeyTrap vulnerability