Kaspersky warns of rising Efimer trojan attacks on crypto users


Gulf Business, 8 hours ago
Kaspersky Security Network has reported that between October 2024 and July 2025, more than 5,000 users — including both individuals and organisations — were targeted by the Efimer trojan, a malicious program designed to steal and replace cryptocurrency wallet addresses. The campaign was particularly damaging in Brazil, which saw approximately 1,500 victims, but also impacted users in India, Spain, Russia, Italy, and Germany.
Initially detected in October 2024, early versions of Efimer were spread through compromised WordPress websites. By June 2025, attackers had expanded their methods, distributing the malware via phishing emails. These emails, disguised as correspondence from a legal firm, threatened recipients with lawsuits over alleged domain name patent violations to pressure them into downloading malicious files.
'This Trojan is notable for its dual approach to spreading — targeting both individual users and corporate environments with different tactics. For private users, attackers use torrent files pretending to be popular movies to lure victims, while in corporate settings, they rely on fraudulent emails containing legal threats. Crucially, in both cases, compromise only occurs if the user actively downloads and executes the malicious file,' explained Artyom Ushkov, threat researcher at Kaspersky.
Kaspersky advises both corporate and individual users to avoid downloading torrent files from unverified sources, verify the legitimacy of email senders, and keep antivirus databases up to date. Users should also refrain from clicking on links or opening attachments in unsolicited emails, ensure software is regularly updated, enforce strong passwords and two-factor authentication, and continuously monitor for potential compromises. Installing a trusted security solution and following its recommendations can automatically mitigate most threats.
For developers and website administrators, Kaspersky recommends implementing strong security measures to prevent unauthorised access and stop malware from propagating through their infrastructure.
The full report is available on

Related Articles


Kaspersky uncovers Efimer trojan targeting organizations through phishing emails

Zawya, 9 hours ago

According to Kaspersky Security Network, between October 2024 and July 2025, over 5,000 users — both individuals and organizations — fell victim to the Efimer trojan. The malware was particularly impactful in Brazil, affecting around 1,500 victims. These attacks also targeted users in India, Spain, Russia, Italy, and Germany.

Kaspersky has discovered a rapidly escalating malicious campaign targeting corporate users with Efimer — a trojan designed to steal and replace cryptocurrency wallet addresses. Initial versions of Efimer appeared in October 2024 and were distributed through compromised WordPress websites. However, in June 2025, the malware began spreading via phishing emails as well. Disguised as a legal firm, the attackers send emails threatening recipients with lawsuits over alleged domain name patent violations to trick them into downloading the malware. This approach allows Efimer to build its own malicious infrastructure and continue spreading to new devices.

[Image: An example of the malicious email]

'This Trojan is notable for its dual approach to spreading — targeting both individual users and corporate environments with different tactics. For private users, attackers use torrent files pretending to be popular movies to lure victims, while in corporate settings, they rely on fraudulent emails containing legal threats. Crucially, in both cases, compromise only occurs if the user actively downloads and executes the malicious file,' explains Artyom Ushkov, threat researcher at Kaspersky.

Kaspersky recommends corporate and individual users:

  • Refrain from downloading torrent files from unknown or untrusted sources.
  • Recipients should carefully verify the legitimacy of email senders and ensure antivirus databases are regularly updated.
  • Avoid clicking on links or opening attachments in unsolicited or spam emails to reduce the risk of malware infection.
  • Stick to best practice including regular software updates, enforcing strong passwords and two-factor authentication, as well as continuous monitoring for signs of compromise.
  • Install a trusted security solution and follow its recommendations. Secure solutions will solve the majority of problems automatically and send alerts.
  • For developers and website administrators: implementing robust security measures to protect their infrastructure from unauthorized access and malware propagation is essential.

Find the full report on

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky's deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure and governments around the globe. The company's comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and nearly 200,000 corporate clients protect what matters most to them. Learn more at

Aujas Cybersecurity rebrands as NuSummit Cybersecurity

Khaleej Times, 10 hours ago

NuSummit has announced the rebranding of its cybersecurity subsidiary Aujas Cybersecurity as NuSummit Cybersecurity. This strategic integration consolidates NuSummit's cybersecurity capabilities under a unified brand, further strengthening its leadership as a global force in cybersecurity, driven by innovation, scale, and an unwavering commitment to client-centric security solutions.

Aujas Cybersecurity, known for fortifying digital enterprises since 2008, has consistently delivered cutting-edge cybersecurity solutions across identity and access management, risk assurance, application security, and managed detection and response. Operating as NuSummit Cybersecurity, the company will now build on this proven legacy with enhanced global reach and expanded capabilities.

Anantharaman Sreenivasan, managing director and group CEO, NuSummit said: 'This brand integration marks a pivotal evolution, combining our deep cybersecurity expertise with the full breadth of our digital capabilities. We're not just securing systems; we're architecting intelligent security foundations that unlock new business models and enable confident innovation. As AI reshapes both opportunity and risk, NuSummit is uniquely positioned to help clients harness its full potential, safely and securely. Our enhanced value proposition is clear: empower clients to accelerate digital transformation by practicing AI in a fortified, trusted environment, where security is not a checkpoint, but a launchpad for growth.'

'At NuSummit Cybersecurity, this isn't just a name change; it's a renewed commitment to purpose,' said Sameer Shelke, CEO and co-founder, NuSummit Cybersecurity. 'For over seventeen years, Aujas Cybersecurity has built a reputation for staying ahead of threats and delivering real-world solutions that work. Today, as NuSummit Cybersecurity, we're scaling that legacy, amplifying our impact with advanced capabilities, and harnessing AI to drive speed, precision, and efficiency across the cybersecurity lifecycle. We're not just evolving; we're accelerating the future of secure digital transformation.'

Varun Laul, partner at Investcorp, said: 'The integration of Aujas Cybersecurity into NuSummit Cybersecurity is a strategic leap forward in solidifying NuSummit's position as a global leader in cybersecurity. As the world faces a new era of cyber threats, NuSummit Cybersecurity is uniquely equipped to provide intelligent, scalable solutions that address the complex demands of today's digital ecosystem. We are proud to continue backing NuSummit's growth and success in this crucial space.'

As organisations race to embrace digital transformation, NuSummit Cybersecurity stands at the convergence of trust and technology. Its focused investments in next-gen cybersecurity controls and responsible AI integration are set to define the next chapter in cybersecurity. From enabling the world's largest citizen identity programme to safeguarding financial giants and telecom enterprises, the company has built a formidable portfolio that speaks to its differentiated approach and client-first ethos.
