🎁 Ace quick missions & earn crypto rewards while gaining real-world Web3 skills. JOIN NOW! 🔥
Ledger
Crypto News Exploits
Google Threat Intelligence Exposes COLDRIVER’s New LOSTKEYS Malware

Google Threat Intelligence Exposes COLDRIVER’s New LOSTKEYS Malware

Aaron S. Editor-In-Chief
Written by Aaron S.,
Editor-In-Chief

✓ Fact Checked

Last Updated: May 08, 2025

✓ Fact Checked

Key Takeaways

  • ​Google reports COLDRIVER is using LOSTKEYS malware to steal documents from Western organizations;
  • LOSTKEYS spreads through fake CAPTCHA sites, clipboard scripts, and avoids security software;
  • Google added the fake sites to Safe Browsing and urges extra monitoring to catch threats early.

Ace quick missions & earn crypto rewards while gaining real-world Web3 skills. Participate Now ! 🔥

Google Threat Intelligence Exposes COLDRIVER’s New LOSTKEYS Malware

A new report from Google Threat Intelligence, published on May 7, shows that the hacking group COLDRIVER is using a tool called LOSTKEYS to steal documents from Western organizations.

The malware installation process follows four main steps. First, users are directed to a fake website that displays a false CAPTCHA screen. After interacting with it, a script is placed into the user’s clipboard.

The malware then checks the device for signs of security software and tries to avoid detection. In the final step, it downloads and installs the main program.

Crypto Day Trading VS Swapping: What’s More Rewarding? (Animated)

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

Crypto Day Trading VS Swapping: What’s More Rewarding? (Animated)

Crypto Day Trading VS Swapping: What’s More Rewarding? (Animated) Crypto Day Trading VS Swapping: What’s More Rewarding? (Animated)

LOSTKEYS collects files from various folders and extensions. It also gathers information about the system and active programs and sends it back to COLDRIVER. Google Threat Intelligence identified the server used for these activities as "165.227.148.68".

Google Threat Intelligence has added the fake websites involved in this attack to its "Safe Browsing" feature to help protect users. The company has also recommended monitoring clipboard activity, checking PowerShell usage, and limiting unknown outgoing network connections as ways to catch similar threats early.

COLDRIVER is linked to Russian interests and has a history of targeting former diplomats, journalists, and other well-known figures. In January 2024, the group used another piece of malware, called Spica, that could run remote commands and move files between infected computers.

LOSTKEYS shows that the group focuses on methods that do not rely only on stealing passwords.

Recently, North Korean hackers known as Contagious Interview created fake cryptocurrency consulting firms. How does the scam work? Read the full story.

Aaron S. Editor-In-Chief
Aaron S. Editor-In-Chief
Having completed a Master’s degree in Economics, Politics, and Cultures of the East Asia region, Aaron has written scientific papers analyzing the differences between Western and Collective forms of capitalism in the post-World War II era.
With close to a decade of experience in the FinTech industry, Aaron understands all of the biggest issues and struggles that crypto enthusiasts face. He’s a passionate analyst who is concerned with data-driven and fact-based content, as well as that which speaks to both Web3 natives and industry newcomers.
Aaron is the go-to person for everything and anything related to digital currencies. With a huge passion for blockchain & Web3 education, Aaron strives to transform the space as we know it, and make it more approachable to complete beginners.
Aaron has been quoted by multiple established outlets, and is a published author himself. Even during his free time, he enjoys researching the market trends, and looking for the next supernova.
See Our Experts
Loading...

The Most Liked Crypto News Findings

Looking for more latest crypto news on related topic? We have gathered similar news articles for you to spare your time. Take a look!

LockBit Hacked: 60,000 Bitcoin Addresses and 4,400 Ransom Chats Go Public

Exploits

LockBit Hacked: 60,000 Bitcoin Addresses and 4,400 Ransom Chats Go Public
Kraken Outsmarts North Korean Hacker in Job Interview Trap

Exploits

Kraken Outsmarts North Korean Hacker in Job Interview Trap
Crypto Thieves Go Old-School: Ledger Users Hit by Mail Scam

Exploits

Crypto Thieves Go Old-School: Ledger Users Hit by Mail Scam

Latest Crypto News & Videos

Bitcoin broke $100K… is it real this time?

Daily Squeeze

Bitcoin broke $100K… is it real this time?
German Police Shut Down Crypto Platform eXch Linked to Bybit Hacks

Regulation

German Police Shut Down Crypto Platform eXch Linked to Bybit Hacks
30-Year Sentence for Funding ISIS with $185,000 in Crypto, Says DOJ

Regulation

30-Year Sentence for Funding ISIS with $185,000 in Crypto, Says DOJ
The Most Rewarding Play-to-Earn Project? BitDegree Explained (ANIMATED) The Most Rewarding Play-to-Earn Project? BitDegree Explained (ANIMATED)
VIDEO
The Most Rewarding Play-to-Earn Project? BitDegree Explained (ANIMATED)
What Are Crypto Quests? EASIEST Ways to Earn Rewards Explained What Are Crypto Quests? EASIEST Ways to Earn Rewards Explained
VIDEO
What Are Crypto Quests? EASIEST Ways to Earn Rewards Explained
What Is Chia? | Crypto Finally Explained What Is Chia? | Crypto Finally Explained
VIDEO
What Is Chia? | Crypto Finally Explained

Trending Crypto News

Las Vegas Crypto Host Abducted by Teens, Forced to Give Up Wallets

Las Vegas Crypto Host Abducted by Teens, Forced to Give Up Wallets

US-China Trade Deal Nears: Bitcoin’s Surge Faces a Reality Check

US-China Trade Deal Nears: Bitcoin’s Surge Faces a Reality Check

Stricter Rules Could Push Users Toward Privacy-First Stablecoins

Stricter Rules Could Push Users Toward Privacy-First Stablecoins

Pope Leo XIV Warns AI Could Threaten Jobs, Fairness, and Dignity

Pope Leo XIV Warns AI Could Threaten Jobs, Fairness, and Dignity

Ledger
Binance
KuCoin
Ledger
binance
×
Verified

$600 WELCOME BONUS

Earn Huge Exclusive Binance Learners Rewards
5.0 Rating
Get deal
See all Provider Coupons
×
BitDegree.org

BitDegree.org

Fact-checking Standards

To ensure the highest level of accuracy & most up-to-date information, BitDegree.org is regularly audited & fact-checked by following strict editorial guidelines & review methodology.
Carefully selected industry experts contribute their real-life experience & expertise to BitDegree's content. Our extensive Web3 Expert Network is compiled of professionals from leading companies, research organizations and academia.

All the content on BitDegree.org meets these criteria:

  • Only authoritative sources like academic associations or journals are used for research references while creating the content.
  • The real context behind every covered topic must always be revealed to the reader.
  • If there's a disagreement of interest behind a referenced study, the reader must always be informed.
Feel free to contact us if you believe that content is outdated, incomplete, or questionable.
×
Subscribe

Subscribe

On Youtube

Understand crypto with ease

New explainer videos every week!