The Wagmi traffer group, operating since early 2023, specializes in NFT scams and cryptocurrency theft. They use sophisticated social engineering tactics, fake web3-themed games, and impersonation of legitimate projects to lure victims. Their operations have allegedly earned over $2.4 million between June 2023 and March 2025. The group employs various techniques, including seed phrase phishing and automated wallet address scraping from social media. They target users of NFT marketplaces and the Web3 community, using fake job offers and enticing game promotions. The group also abuses code signing certificates to bypass security measures and increase infection rates. Their malware payloads include HijackLoader, Lumma C2 infostealer, Rhadamanthys stealer, and AMOS stealer for macOS.

Author: AlienVault
Related Tags:
T1553.002
T1547.009
cryptocurrency theft
T1059.005
HijackLoader
rhadamanthys
amos
T1552
T1129
Associated Indicators: