Date: 07/31/2024
Severity: High
Summary
We discovered a fraudulent investment app for Android called Olympics.apk on 2024olympics-shop.com. As of July 28, 2024, videos promoting this scam have amassed hundreds of views, with some exceeding 1K. The scammers also run a Telegram channel with over 7,800 members. This scheme falsely claims to be an official Olympic cryptocurrency investment program.
Indicators of Compromise (IOC) List
Domains\Urls |
api.2024olympics-shop.com/olympics.apk |
2024olympics-shop.com |
https://t.me/olympic2024_usdt |
Hash |
aae9b07dbf0c6205e80acd6a86c716fc46a0bf5fbfee1c1565b62d432c979647 |
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Domains\Urls |
userdomainname like "t.me/olympic2024_usdt" or url like "t.me/olympic2024_usdt" or userdomainname like "api.2024olympics-shop.com/olympics.apk" or url like "api.2024olympics-shop.com/olympics.apk" or userdomainname like "2024olympics-shop.com" or url like "2024olympics-shop.com" |
Hash |
sha256hash IN ("aae9b07dbf0c6205e80acd6a86c716fc46a0bf5fbfee1c1565b62d432c979647") |
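The same domain, URL and hash checks applied to proxy-style log records, as an added Python example that is not part of the original advisory or of Gurucul's product. It matches on the parsed host rather than a raw substring, so look-alike hosts and query-string mentions of the domain are not flagged. The record field names (user, url, sha256) and the sample records are constructed for illustration.

```python
from urllib.parse import urlsplit

# Indicators copied from the IOC list in this advisory.
IOC_DOMAIN = "2024olympics-shop.com"
IOC_TG_HOST, IOC_TG_PATH = "t.me", "/olympic2024_usdt"
IOC_SHA256 = "aae9b07dbf0c6205e80acd6a86c716fc46a0bf5fbfee1c1565b62d432c979647"

def match_url(url):
    """Return an IOC label for a logged URL or bare host, else None."""
    if "://" not in url:
        url = "//" + url  # logs often omit the scheme
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")  # hostname is lower-cased
    except ValueError:  # malformed host, e.g. an unbalanced '['
        return None
    path = parts.path.rstrip("/").lower()  # assumes case-insensitive channel names
    # Exact host or a true subdomain only, so look-alike hosts do not match.
    if host == IOC_DOMAIN or host.endswith("." + IOC_DOMAIN):
        return "scam-domain"
    if host == IOC_TG_HOST and (path + "/").startswith(IOC_TG_PATH + "/"):
        return "scam-telegram-channel"
    return None

def match_hash(sha256):
    """True when a logged SHA-256 (any case, stray whitespace) is the APK hash."""
    return sha256.strip().lower() == IOC_SHA256

def scan(records):
    """Return (user, label) for each record that hits an indicator."""
    hits = []
    for rec in records:
        label = match_url(rec.get("url", ""))
        if label is None and match_hash(rec.get("sha256", "")):
            label = "scam-apk-hash"
        if label:
            hits.append((rec["user"], label))
    return hits

# Constructed sample records; the field names user, url, sha256 are hypothetical.
SAMPLE = [
    {"user": "u1", "url": "https://API.2024olympics-shop.com./olympics.apk"},
    {"user": "u2", "url": "t.me/Olympic2024_USDT/"},
    {"user": "u3", "url": "https://not2024olympics-shop.com/"},
    {"user": "u4", "url": "https://example.org/?ref=2024olympics-shop.com"},
    {"user": "u5", "url": "https://cdn.example.net/a.apk", "sha256": IOC_SHA256.upper()},
    {"user": "u6", "url": "https://t.me/olympic2024_usdt_fans"},
]
print(scan(SAMPLE))
```

Records u3, u4 and u6 are deliberate near-misses: a look-alike host, a query-string mention, and a different channel name that shares the prefix.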
Reference:
https://www.linkedin.com/posts/unit42_olympicscam-unit42threatintel-timelythreatintel-activity-7224173687371874304-DxbA
https://x.com/Unit42_Intel/status/1818408063415521332
https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-07-30-Olympics-themed-investment-scam.txt