chat
expand_more

BTC Era Impersonated in Malware Attack

As bitcoin and other cryptocurrencies become increasingly popular, attackers are taking advantage. This attack leverages bitcoin to fool early adopters of cryptocurrency with BTC Era into paying for what they believe is an investment, but is really a guise...
August 24, 2020

As bitcoin and other cryptocurrencies become increasingly popular, attackers are taking advantage. This attack leverages bitcoin to fool early adopters of cryptocurrency with BTC Era into paying for what they believe is an investment, but is really a guise to install malware on recipients' devices.

Summary of Attack Target

  • Platform: Office 365
  • Email Security Bypassed: Office 365
  • Payload: Malicious Link
  • Technique: Brand Impersonation

Overview of the BTC Era Impersonation Malware Attack

The attack impersonates an automated email from BTC Era, a platform for trading cryptocurrency. However, the email is actually sent from aurinekevinlola@gmail.com. The sender addresses the recipient by name, and the email states that the recipient has been approved to make a BTC transaction, which requires a minimum deposit of $250 to start. Following this is a concealed URL with text that reads “create an account”.


Clicking on the “create an account” link leads to multiple redirects, before landing on “theverifycheck.com” webpage. Upon arriving at this landing page, a pop-up alert requests permission to show notifications from the website. After clicking “Allow” the landing page remains static.

By clicking “Allow”, the user has actually given permission for Adware to run on their device. It only appears that nothing has happened. Going into chrome settings, the user would be able to see that the website is running Malwarebytes, thus rendering their devices as tools to monitor user behavior, as well as launch ads and spam targeting the user.

Why the BTC Era Impersonation Malware Attack is Effective

The attack impersonates an email from BTC Era, where anyone can trade on the platform. This is an effective method to install malware if overlooked by the recipient. The URL is hosted through Constant Contact, an email marketing provider, although the email body implies the link leads to an account setup page through BTC Era. By concealing the URL, the recipient is likely to click on it and see what follows.

Furthermore, utilizing bulk email services is an easy way to deliver a widespread attack to multiple recipients at the same time. It takes less effort than spoofing emails and is more effective in casting a wide net to catch unsuspecting recipients.

Abnormal can catch this attack due to the unusual sender, the redirect links detected, and the clear name impersonation. Combined with the fact that the email contains texts and spaces at a size zero—common among email attackers–we can determine that this email is malicious.

Learn more about how Abnormal classifies malicious emails by seeing a demo today.

BTC Era Impersonated in Malware Attack

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Discover How It All Works

See How Abnormal AI Protects Humans

Related Posts

B Vendor Email Compromise Case Study Blog
See how a real vendor email compromise attack fooled multiple employees. Learn why VEC succeeds and how AI makes these threats more dangerous.
Read More
AI Innovation Using AI to Simplify Cover pptx
Explore how Abnormal's engineering team advances internal development with an AI-driven platform that standardizes infrastructure, reduces setup time, and enables both engineers and AI agents to build and deploy services more efficiently.
Read More
B Flux Panel Ecommerce Checkout Hijacking via Phishing
FluxPanel turns legitimate ecommerce checkouts into live data theft operations. Learn how this dark web tool works, the role phishing plays, and how to stop attacks at their source.
Read More
B Fin Serv Attack Trends Blog
Email attacks on financial services rose 25% year-over-year. Learn why FinServ is a top target and how threat actors exploit trust to deceive employees.
Read More
B Flask Phishing Kit
Learn how threat actors used Flask, a popular Python framework, to build a versatile phishing kit for evasive campaigns that bypass traditional defenses.
Read More
B-Trust Trap Social Engineering Blog
The psychology of the modern work environment has become a roadmap for attackers—and a blind spot for traditional email security.
Read More