Fake Crypto Attacks— What You Need To Know

Forbes, 27-04-2025

Beware the fake crypto scammers.
Advanced persistent threat groups affiliated with nation-states are hot hacking news right now. The FBI has just confirmed a $10 million reward for information about individuals belonging to the Chinese Salt Typhoon cyber-espionage group. But China isn't the only player in the state-hacking game; a new report suggests that North Korea and, potentially, Russia could have joined forces in a new and highly dangerous fake crypto security threat. Here's what you need to know.
When it comes to crypto and matters of cybersecurity, there are generally two things that spring immediately to mind: ransomware payments and cryptocurrency theft. Perhaps the best-known types of the latter involve cryptojacking attacks, such as the recent MassJacker malware that resulted in a 'be careful what you search for' warning.
According to an April 24 report from Silent Push, one nation-state-affiliated group, Contagious Interview, is behind a campaign using three separate fake cryptocurrency consulting companies to distribute three malware families to unsuspecting victims.
The malware trio will, ultimately, perform the same task: install infostealers to harvest system information, including browser data, passwords, and files, as well as silently drop remote access software onto the device for persistent access. Oh yes, and there's a tool to connect to cryptocurrency wallets as well. Worried yet? You should be, so take note of what is known about the campaign.
'Our team found that the use of fake job offers to distribute malware, such as BeaverTail, InvisibleFerret, and OtterCookie, enables remote access and data theft,' the report said. The aptly named Contagious Interview group was found to be heavily leaning on AI-generated images to create employee profiles for the three companies concerned, and I recommend you read the full report for all the details. 'As part of the crypto attacks,' the researchers said, 'the threat actors are heavily using GitHub, job listings and freelancer websites.'
Silent Push threat analysts said that they are continuing to track the Contagious Interview attackers as they believe they pose a threat to individuals. The fake crypto campaigns could also, Silent Push concluded, 'provide some corporate risk due to the malware they deploy and the credentials they acquire from devices.'
