Cybercrime Group Targets Cryptocurrency Influencers And Online Gaming Personalities
In a Rush? Here are the Quick Facts!
- A cybercrime group has compromised tens of thousands of devices globally.
- The group often employs fake social media accounts for spear-phishing attacks.
- Fraudulent platforms and fake video games are used to trick unsuspecting victims.
A cybercrime group called Marko Polo has compromised “tens of thousands of devices” globally through scams related to cryptocurrency and online gaming, as reported by researchers from Insikt Group on Tuesday.
Marko Polo operators use several deceptive tactics, including creating fake platforms that mimic popular games, software, or services to trick potential victims.
Marko Polo primarily targets cryptocurrency influencers and online gaming personalities, individuals usually considered more cybersecurity-aware than the average user.
Despite their heightened awareness, these individuals have become victims of spear-phishing attacks, which often involve fake job offers or partnership proposals, as noted by Recorded Future.
This shows the group’s focus on high-value targets within the digital finance world.
In recent news, there have been several instances of cyber attacks using fake video conferencing tools, and a significant increase in attacks targeting young gamers. Additionally, Binance has issued an alert about a growing malware threat targeting cryptocurrency users and causing substantial financial losses.
Marko Polo operates as a “traffer team,” redirecting victims to malicious content run by other cybercriminals. It is one of many active groups in the cybercrime world, underscoring the scale of these operations.
Once victims click on malicious links or download these fraudulent programs, they expose their devices to harmful malware like HijackLoader, Stealc, Rhadamanthys, and AMOS, which can steal sensitive information, control their devices, or enable further cyberattacks.
The operators also rely heavily on fake social media accounts to promote their scams and engage with users. These accounts are either purchased in bulk or obtained through account takeovers of legitimate users.
Fake platforms such as PartyWorld, a “loot shooter” game impersonating Fortnite and Party Royale, and NightVerse, a fraudulent “cyberpunk” metaverse, are used to lure unsuspecting players.
Similarly, Vortax, Vorion, and Vixcall pretend to be virtual meeting software, tricking users into downloading malicious software. The scams also extend to fake communication and collaboration tools like Up-Connect and GoHeard.
Nortex, another scam, poses as a decentralized all-in-one application to trick cryptocurrency influencers and users into downloading malware.
Insikt Group suggests several strategies to mitigate the risks of Marko Polo’s attacks. They suggest using advanced tools to block harmful malware, implementing web filters, and segmenting networks to contain malware spread.
Monitoring for unusual activity, keeping threat information current, and training staff on online risks are also advised.
Additionally, updating incident response plans, collaborating with other organizations and authorities, securing supply chains, and ensuring compliance with data protection laws are emphasized.