
Ongoing crypto draining scheme involves startup impersonation


Artificial intelligence, Web3, social media, and gaming firms have been spoofed to facilitate the deployment of cryptocurrency draining malware on Windows and macOS systems as part of a social engineering campaign that has been underway since March 2024, The Hacker News reports.

Hacked verified accounts on X, formerly Twitter, have been used to establish the legitimacy of the bogus startups, with the threat actors using those accounts to lure targeted developers into testing the company's software in exchange for a cryptocurrency payment, according to an analysis from Darktrace.

Developers who agree to the test are directed to a fake company website that serves either a Windows Electron app or an Apple disk image file. The Windows app displays a Cloudflare verification screen while silently launching an information-stealing payload; the macOS disk image triggers the Atomic macOS Stealer (AMOS) malware.

"This campaign highlights the efforts that threat actors will go to make these fake companies look legitimate in order to steal cryptocurrency from victims, in addition to the use of newer evasive versions of malware," said Darktrace researcher Tara Gould.
