Darktrace found that scammers contact potential victims on the social networks X, Telegram or Discord and offer them cryptocurrency rewards for taking part in software testing. The fraudsters pose as startups in artificial intelligence (AI), gaming and Web3, tricking users into downloading infected programs. To appear credible, the attackers use other people's compromised X accounts, as well as project documentation and roadmaps published on legitimate platforms.
After agreeing to participate in testing, users are redirected to fake company websites that imitate real startups. After downloading the malicious application, users are shown a Cloudflare verification screen, during which the malware covertly collects system information: processor data, the MAC address and the user identifier. This data is sent to the attacker's server. The malware then extracts the victim's confidential information, including crypto wallet login data.
Darktrace researchers found versions of this malware for both Windows and macOS. Darktrace suggested that the attackers use methods similar to those of the Crazy Evil hacker group, which targets cryptocurrency communities. This group impersonates companies operating in the blockchain field, posts job vacancies, and then steals digital assets from job applicants.
Earlier, SlowMist blockchain security specialists reported on crypto scammers who send phishing links to the Zoom video conferencing platform.
Source: Bits

I am an experienced journalist, writer, and editor with a passion for finance and business news. I have been working in the journalism field for over 6 years, covering a variety of topics from finance to technology. As an author at World Stock Market, I specialize in finance business-related topics.