Malware, Threat Intelligence

Novel malware used in West-targeted COLDRIVER intrusions


Western organizations have been targeted by the Russian hacking group COLDRIVER in attacks involving the novel LOSTKEYS information-stealing malware, indicating that the threat operation has advanced beyond spear-phishing activities, according to Cointelegraph.

COLDRIVER begins its intrusions by displaying a website with a bogus CAPTCHA meant to lure targets into downloading a PowerShell script, which then carries out evasion steps on the device before the eventual installation of LOSTKEYS, a report from Google revealed. Aside from exfiltrating files from selected extensions and directories, LOSTKEYS also delivers system and running-process details to COLDRIVER, said Google, which has already moved to add the affected websites to its "Safe Browsing" feature to prevent further compromise.

Such a development comes after Hacken, a cryptocurrency cybersecurity firm, reported that total cryptocurrency losses reached $2 billion during the first three months of 2025, exceeding the total for the whole of last year. Most of the losses have been attributed to the Lazarus Group attack against Dubai-based cryptocurrency exchange Bybit Technology in February.
