HackRead reports that attacks involving the impersonation of CoinMarketCap journalists have been launched against cryptocurrency executives as part of a new spear-phishing campaign.
Threat actors using a former CoinMarketCap contributor's name and photo have sent email invitations to a Web3 innovation-themed interview, which include a button that would allow Calendly-scheduling of a Zoom call, according to findings from Bitso's Quetzal Team. Joining the call would introduce Igor and the CoinCapMarket editor-spoofing Dirk, with the former luring targets into changing the language of the app to Polish in a bid to restart the app. Such a process would then trigger a pop-up, which could allow total remote control over targets' keyboard and mouse, opening the floodgates for potential malware deployment. Despite being similar to increasingly prevalent ClickFix intrusions, such an attack campaign's ability to allow remote device control was noted by researchers to be more threatening to targets.
Threat actors using a former CoinMarketCap contributor's name and photo have sent email invitations to a Web3 innovation-themed interview, which include a button that would allow Calendly-scheduling of a Zoom call, according to findings from Bitso's Quetzal Team. Joining the call would introduce Igor and the CoinCapMarket editor-spoofing Dirk, with the former luring targets into changing the language of the app to Polish in a bid to restart the app. Such a process would then trigger a pop-up, which could allow total remote control over targets' keyboard and mouse, opening the floodgates for potential malware deployment. Despite being similar to increasingly prevalent ClickFix intrusions, such an attack campaign's ability to allow remote device control was noted by researchers to be more threatening to targets.
