The Russian-speaking cybercrime gang Crazy Evil has been linked to numerous social media scams targeting Windows and macOS users with malware like StealC, AMOS, and Angel Drainer. Operating since at least 2021, the group specializes in cryptocurrency theft, identity fraud, and financial scams. It utilizes a structured network of traffers—social engineering experts—who redirect traffic to malicious phishing sites. The gang has generated over $5 million in illicit revenue and has been tied to various fraudulent schemes involving NFTs, digital assets, and online banking. Crazy Evil's operations are heavily reliant on Telegram, where it coordinates scams and trains affiliates through multiple private channels. The group runs six sub-teams (AVLAND, TYPED, DELAND, ZOOMLAND, DEFI, and KEVLAND), each responsible for distributing malware under the guise of legitimate applications. Additionally, the TAG-124 traffic distribution system has been identified as a key tool in their attack chain, enabling infections via compromised WordPress sites, GitHub repositories, and fake software update pages. The gang's success has prompted concerns about the rising threat to decentralized finance, gaming, and software sectors, urging cybersecurity teams to remain vigilant.

‍