27-04-2025
Fake Crypto Attacks— What You Need To Know
Beware the fake crypto scammers.
Advanced persistent threat groups affiliated with nation-states are hot hacking news right now. The FBI has just confirmed a $10 million reward for information about individuals belonging to the Chinese Salt Typhoon cyber-espionage group. But China isn't the only player in the state-hacking game; a new report suggests that North Korea and, potentially, Russia could have joined forces in a new and highly dangerous fake crypto security threat. Here's what you need to know.
When it comes to crypto and matters of cybersecurity, there are generally two things that spring immediately to mind: ransomware payments and cryptocurrency theft. Perhaps the best-known types of the latter involve cryptojacking attacks, such as the recent MassJacker malware that resulted in a be careful what you search for warning.
According to an April 24 report from Silent Push, one nation-state-affiliated group, Contagious Interview, is behind a campaign using three separate fake cryptocurrency consulting companies to distribute three malware families to unsuspecting victims.
The malware trio will, ultimately, perform the same task: install infostealers to harvest system information, including browser data, passwords, and files, as well as silently drop remote access software onto the device for persistent access. Oh yes, and there's a tool to connect to cryptocurrency wallets as well. Worried yet? You should be, so take note of what is known about the campaign.
'Our team found that the use of fake job offers to distribute malware, such as BeaverTail, InvisibleFerret, and OtterCookie, enables remote access and data theft,' the report said. The aptly named Contagious Interview group was found to be heavily leaning on AI-generated images to create employee profiles for the three companies concerned, and I recommend you read the full report for all the details. 'As part of the crypto attacks,' the researchers said, 'the threat actors are heavily using GitHub, job listings and freelancer websites.'
Silent Push threat analysts said that they are continuing to track the Contagious Interview attackers as they believe they pose a threat to individuals. The fake crypto campaigns could also, Silent Push concluded, 'provide some corporate risk due to the malware they deploy and the credentials they acquire from devices.'
