Executive Summary
Crypto Scams in India are growing at a rapid rate.
At the end of December 2023, Financial Intelligence Unit India (FIU IND) issued show cause notices to nine offshore Virtual Digital Assets Service Providers – Binance, Kucoin, Huobi, Kraken, Gate.io, Bittrex, Bitstamp, MEXC Global and Bitfinex.
Also, it wrote to the Ministry of Electronics and Information Technology to block the URLs of the nine entities operating illegally.
Since then, the Shreshta Threat Intelligence team has detected a huge uptick in crypto scams in India, such as phishing attacks and fake Android APKs luring citizens of India interested in investment schemes and cryptocurrency.
Many deceptive phishing websites that lure users into fraudulent investment and cryptocurrency schemes are springing up at a rapid rate. These scam websites employ tactics such as initially prompting for the user’s email and name without proper validation. Subsequently, they prompt users to send bitcoins to a specified address in order to start the investment schemes.
Motive
The motive of threat actors is to exploit users by tricking them into sharing Personally Identifiable Information (PII) such as name, address, contact number and sensitive details such as bank details.
Crypto Scams in India – Phishing website impersonating WazirX
Figure 1 – Screenshot of phishing website impersonating the WazirX website
Figure 2 – Registering on the WazirX website for trading bitcoin with randomly entered data is successful without undergoing validation
Figure 3 – After registration, the user is presented with a Dashboard
Figure 4 – The page prompts the user to input payment details into the trading account
Figure 5 – Crediting money for the trading account
Figure 6 – Even though wrong information is fed, the process continues, indicating that this is a scam, and prompts the user to input their PII
Figure 7 – Screenshot of a phishing platform attempting to deceive users into engaging in cryptocurrency trading by connecting a wallet. However, the provided link redirects to a seemingly legitimate website for downloading wallets and linking them.
FlashBTC phishing website distributing malware Android APK
Figure 7 – Screenshot of the Flash BTC phishing website
Figure 8 – After downloading a demo, the zip file which gets downloaded contains malicious content.
Figure 9 – When we buy, it navigates the user to BTC activation plans
Figure 10 – After buying any plan, it asks to make a transaction either via QR code or the link provided
Figure 11 – The proof of payment then needs to be sent on Telegram
Figure 12 – Screenshot of the phishing website pretending to be Binance – Cryptocurrency Exchange company
Figure 13 – The website prompts the user to invest using their Investment plans
Figure 14 – After clicking on a particular plan, it prompts the user to enter their email address and name and pay the amount respective to that plan
Figure 15 – The website then prompts the user to send the bitcoin amount to the specified bitcoin address
Binance phishing website
Figure 16 – Screenshot of the phishing website that prompts the user to transact bitcoins
Figure 17 – When we try to register, the registration is not taken into account
Figure 18 – Screenshot of a Korean phishing website that prompts the user to join a membership for a cryptocurrency exchange
Figure 19 – Screenshot of the form to fill in the details to join the membership
Figure 20 – Screenshot of a page that appears after filling in incorrect data, meaning it’s a phishing attempt. This page prompts the user to provide sensitive details such as bank account number, bank name and contact number, and prompts the user to trade using cryptocurrency
Figure 21 – Screenshot of a phishing Binance trading website that prompts the user to trade using cryptocurrency
Figure 22 – The above screenshot appears when we register for Binance trading
Figure 23 – The phishing page displays a Dashboard even though the user registration hasn’t been validated
Figure 24 – The page prompts the user to choose/buy a plan for trading
Figure 25 – Even with incorrect inputs, the page accepts and progresses
Figure 26 – Despite the inaccurate details, the page displays an amount already sent, prompting the user to enter their bank details
Safety Recommendations
- Users should be wary of any website or application that promises out-of-the-world returns.
- If you become a victim of cybercrime, particularly financial crime, call the national (India) cybercrime helpline 1930 or file a complaint at https://cybercrime.gov.in/
Conclusion
The crypto scams in India that we have detected and analysed have comprised phishing websites and fake Android APKs. Users should be wary of any website or application that promises out-of-the-world returns.