Cryptocurrency Malware Attack

Cryptocurrency users are currently facing a social engineering campaign where fake startup companies trick them into downloading malware that can drain digital assets from both Windows and mac OS systems.

According to Darktrace researcher Tara Gould, these malicious operations impersonate AI, gaming, and Web3 firms, using spoofed social media accounts and legitimate project documentation hosted on platforms like Notion and GitHub. 

Cryptocurrency Malware AttackCryptocurrency Malware Attack

This elaborate scam has been ongoing, with a previous iteration in December 2024 involving bogus videoconferencing platforms to lure victims into downloading malicious software.

The latest findings indicate that the campaign, codenamed "Meeten" by Cado Security, has expanded its themes to include artificial intelligence, gaming, and social media. Attackers have been observed using compromised verified X accounts to approach potential targets, creating an illusion of legitimacy for their fake companies.

Cryptocurrency Malware AttackCryptocurrency Malware Attack

One example is Eternal Decay, a non-existent blockchain game that shares digitally altered images to appear credible. The attack begins when adversary-controlled accounts message victims, offering cryptocurrency payments in exchange for testing their software. Victims are then redirected to fictitious websites to download malicious applications.

On Windows, the malware masquerades as a Cloudflare verification screen while it profiles the machine and executes an installer. For macOS, the Atomic macOS Stealer (AMOS) is deployed, capable of siphoning documents and data from web browsers and crypto wallets.

"NPAV recommends home users and organizations to maintain strong, up-to-date cybersecurity measures. Install NPAV on your desktop, laptop, and mobile devices to ensure world-class protection against fraud, malware, and ransomware attacks.

Choose NPAV and be a part of our mission to make the digital world safer for everyone."