Close Menu
    Facebook X (Twitter) Instagram
    Friday, July 11
    X (Twitter) Instagram LinkedIn YouTube
    Chain Tech Daily
    Banner
    • Altcoins
    • Bitcoin
    • Crypto
    • Coinbase
    • Litecoin
    • Ethereum
    • Blockchain
    • Lithosphere News Releases
    Chain Tech Daily
    You are at:Home » Darktrace warns of social engineering scams deploying crypto-stealing malware
    Crypto

    Darktrace warns of social engineering scams deploying crypto-stealing malware

    James WilsonBy James WilsonJuly 11, 2025No Comments3 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr Email
    Share
    Facebook Twitter LinkedIn Pinterest Email



    Researchers at cybersecurity company Darktrace have warned that threat actors are using increasingly sophisticated social engineering tactics to infect victims with crypto-stealing malware.

    In its latest blog, Darktrace researchers detailed an elaborate campaign in which scammers were found to be impersonating AI, gaming, and Web3 startups to trick users into downloading malicious software.

    The scheme relies on verified and compromised X accounts, as well as project documentation hosted on legitimate platforms, to create an illusion of legitimacy.

    According to the report, the campaign usually begins with impersonators reaching out to potential victims on X, Telegram, or Discord. Posing as representatives of emerging startups, they offer incentives such as cryptocurrency payments in exchange for testing software.

    Victims are then directed to polished company websites designed to mimic legitimate startups, complete with whitepapers, roadmaps, GitHub entries, and even fake merchandise stores.

    Once a target downloads the malicious application, a Cloudflare verification screen appears, during which the malware quietly collects system information such as CPU details, MAC address, and user ID. This information, along with a CAPTCHA token, is sent to the attacker’s server to determine whether the system is a viable target.

    If the verification succeeds, a second-stage payload, typically an info-stealer, is stealthily delivered, which then extracts sensitive data, including cryptocurrency wallet credentials.

    Both Windows and macOS versions of the malware have been detected, with some Windows variants known to be using code-signing certificates stolen from legitimate companies.

    According to Darktrace, the campaign resembles tactics used by “traffer” groups, which are cybercriminal networks that specialize in generating malware installs through deceptive content and social media manipulation.

    While the threat actors remain unidentified, researchers believe the methods used are consistent with those seen in campaigns attributed to CrazyEvil, a group known for targeting crypto-related communities.

    “CrazyEvil and their sub teams create fake software companies, similar to the ones described in this blog, making use of Twitter and Medium to target victims,” Darktrace wrote, adding that the group is estimated to have made “millions of dollars in revenue from their malicious activity.”

    A recurring threat

    Similar malware campaigns have been detected on multiple occasions throughout this year, with one North Korea-linked operation found to be using fake Zoom updates to compromise macOS devices at crypto firms.

    Attackers were reportedly deploying a new malware strain dubbed “NimDoor,” delivered through a malicious SDK update. The multi-stage payload was designed to extract wallet credentials, browser data, and encrypted Telegram files while maintaining persistence on the system.

    In another instance, the infamous North Korean hacking group Lazarus was found to be posing as recruiters to target unsuspecting professionals using a new malware strain called “OtterCookie,” which was deployed during fake interview sessions.

    Earlier this year, a separate study by blockchain forensic firm Merkle Science found that social engineering scams were mostly targeting celebrities and tech leaders through hacked X accounts.



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleRobinhood hit with second probe over misleading crypto marketing
    Next Article Omni Network skyrockets 180% as Bitcoin hits $118K: is $10 next?
    James Wilson

    Related Posts

    Bitcoin bull run wrecks shorts in historic liquidation

    July 11, 2025

    Blocksquare surpasses $200m in tokenized real estate amid RWA surge

    July 11, 2025

    Crypto ATM scams run rampant in Australia, scammers target older victims

    July 11, 2025
    Leave A Reply Cancel Reply

    Don't Miss

    Bitcoin bull run wrecks shorts in historic liquidation

    Why is ZK proof altcoin Lagrange (LA) dropping amid a rally in crypto market

    Blocksquare surpasses $200m in tokenized real estate amid RWA surge

    Crypto ATM scams run rampant in Australia, scammers target older victims

    About
    About

    ChainTechDaily.com is your daily destination for the latest news and developments in the cryptocurrency space. Stay updated with expert insights and analysis tailored for crypto enthusiasts and investors alike.

    X (Twitter) Instagram YouTube LinkedIn
    Popular Posts

    Bitcoin bull run wrecks shorts in historic liquidation

    July 11, 2025

    Why is ZK proof altcoin Lagrange (LA) dropping amid a rally in crypto market

    July 11, 2025

    Blocksquare surpasses $200m in tokenized real estate amid RWA surge

    July 11, 2025
    Lithosphere News Releases

    AGII Refines Web3 Utility Modules to Improve Platform Efficiency

    July 11, 2025

    Imagen Network Deploys XRP-Based Modules to Expand Liquidity Support for Web3 Social Frameworks

    July 11, 2025

    Imagen Network (IMAGE) Launches RLUSD-Based Components for Stable AI-Powered Social Transactions

    July 10, 2025
    Copyright © 2025

    Type above and press Enter to search. Press Esc to cancel.