Ah, the eternal struggle between good and evil, played out in the vast expanse of cyberspace 🤖. Researchers at Darktrace, those stalwart defenders of the digital realm, have sounded the alarm: threat actors are employing increasingly cunning social engineering tactics to infect the unwary with crypto-stealing malware 🚨.
In a tale of deception and guile, Darktrace researchers have detailed an elaborate campaign in which scammers impersonate AI, gaming, and Web3 startups, preying upon the trusting nature of their victims 🤥. The scheme relies on verified and compromised X accounts, as well as project documentation hosted on legitimate platforms, to create an illusion of legitimacy 📊.
It begins with a seemingly innocuous message on X, Telegram, or Discord, as the impersonators reach out to potential victims, posing as representatives of emerging startups 📈. They dangle the promise of cryptocurrency payments in exchange for testing software, a tantalizing prospect for the unwary 💸.
The victims are then directed to polished company websites, designed to mimic legitimate startups, complete with whitepapers, roadmaps, GitHub entries, and even fake merchandise stores 🛍️. It’s a veritable Potemkin village of deceit 🏙️.
Once the malicious application is downloaded, a Cloudflare verification screen appears, during which the malware quietly collects system information, including CPU details, MAC address, and user ID 🤫. This information, along with a CAPTCHA token, is sent to the attacker’s server to determine whether the system is a viable target 📊.
If the verification succeeds, a second-stage payload, typically an info-stealer, is stealthily delivered, extracting sensitive data, including cryptocurrency wallet credentials 💸. Both Windows and macOS versions of the malware have been detected, with some Windows variants known to be using code-signing certificates stolen from legitimate companies 📝.
According to Darktrace, the campaign bears a striking resemblance to tactics employed by “traffer” groups, those cybercriminal networks that specialize in generating malware installs through deceptive content and social media manipulation 🤝.
While the threat actors remain shrouded in mystery, researchers believe the methods used are consistent with those seen in campaigns attributed to CrazyEvil, a group notorious for targeting crypto-related communities 🤑.
“CrazyEvil and their sub teams create fake software companies, similar to the ones described in this blog, making use of Twitter and Medium to target victims,” Darktrace wrote, adding that the group is estimated to have made “millions of dollars in revenue from their malicious activity” 💸.
A Recurring Nightmare
Alas, this is not an isolated incident 🙅♂️. Similar malware campaigns have been detected on multiple occasions throughout this year, with one North Korea-linked operation found to be using fake Zoom updates to compromise macOS devices at crypto firms 📊.
Attackers were reportedly deploying a new malware strain dubbed “NimDoor,” delivered through a malicious SDK update 📦. The multi-stage payload was designed to extract wallet credentials, browser data, and encrypted Telegram files while maintaining persistence on the system 🔒.
In another instance, the infamous North Korean hacking group Lazarus was found to be posing as recruiters to target unsuspecting professionals using a new malware strain called “OtterCookie,” which was deployed during fake interview sessions 📝.
Earlier this year, a separate study by blockchain forensic firm Merkle Science found that social engineering scams were mostly targeting celebrities and tech leaders through hacked X accounts 🤦♂️.
Read More
- SOL PREDICTION. SOL cryptocurrency
- ETH PREDICTION. ETH cryptocurrency
- USD TRY PREDICTION
- SHIB PREDICTION. SHIB cryptocurrency
- WLD PREDICTION. WLD cryptocurrency
- EUR AUD PREDICTION
- EUR USD PREDICTION
- CRO PREDICTION. CRO cryptocurrency
- GBP CNY PREDICTION
- DOGE PREDICTION. DOGE cryptocurrency
2025-07-11 11:40