'Marko Polo' Creates Globe-Spanning Cybercrime Juggernaut

The Eastern European group is actively expanding its financial fraud activities, with its pipelines representing a veritable Silk Road for the transfer of cryptocurrency, and lucrative and exploitable data.

Dark Reading Staff, Dark Reading

September 17, 2024

Image: Marco Polo with elephants and camels in the Gulf of Persia on his way from India (Source: Science History Images via Alamy Stock Photo)

The Marko Polo cybercrime gang represents a growing, global financial threat, steering at least 30 ongoing fraud campaigns at the same time and wielding an arsenal of sophisticated malware that has compromised tens of thousands of devices so far.

That's according to Recorded Future's Insikt research arm, which noted the group's scams are going after individuals and organizations alike by impersonating popular brands such as Zoom, Discord, and OpenSea, mostly in the online gaming, virtual meeting software, and cryptocurrency platform markets. The efforts are targeted, despite the scale of the operations, and tend to be perpetrated via various social media platforms.

The payload arsenal, meanwhile, is varied and comprises about 50 largely off-the-shelf malware samples. The binaries include HijackLoader, Stealc, Rhadamanthys, and AMOS, all geared toward stealing cryptocurrency, or data to sell or to use for identity theft and other fraud efforts.

In all, Marko Polo's sprawling empire of cybercrime has stolen millions from victims, according to Insikt.

"Marko Polo's reach is both impressive and alarming," according to research this week from the analysts. "Through social engineering tactics, the group has primarily targeted cryptocurrency influencers and online gaming personalities — individuals generally regarded as more cybersecurity-savvy than the average Internet user. Despite their heightened awareness, these individuals have fallen victim to well-crafted spear-phishing attacks, often involving fake job opportunities or partnerships."

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.
