🎁 Ace quick missions & earn crypto rewards while gaining real-world Web3 skills. JOIN NOW! 🔥

Google Threat Intelligence Exposes COLDRIVER’s New LOSTKEYS Malware

Key Takeaways

  • ​Google reports COLDRIVER is using LOSTKEYS malware to steal documents from Western organizations;
  • LOSTKEYS spreads through fake CAPTCHA sites, clipboard scripts, and avoids security software;
  • Google added the fake sites to Safe Browsing and urges extra monitoring to catch threats early.

Ace quick missions & earn crypto rewards while gaining real-world Web3 skills. Participate Now ! 🔥

Google Threat Intelligence Exposes COLDRIVER’s New LOSTKEYS Malware

A new report from Google Threat Intelligence, published on May 7, shows that the hacking group COLDRIVER is using a tool called LOSTKEYS to steal documents from Western organizations.

The malware installation process follows four main steps. First, users are directed to a fake website that displays a false CAPTCHA screen. After interacting with it, a script is placed into the user’s clipboard.

The malware then checks the device for signs of security software and tries to avoid detection. In the final step, it downloads and installs the main program.

Crypto Day Trading VS Swapping: What’s More Rewarding? (Animated)

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

LOSTKEYS collects files from various folders and extensions. It also gathers information about the system and active programs and sends it back to COLDRIVER. Google Threat Intelligence identified the server used for these activities as "165.227.148.68".

Google Threat Intelligence has added the fake websites involved in this attack to its "Safe Browsing" feature to help protect users. The company has also recommended monitoring clipboard activity, checking PowerShell usage, and limiting unknown outgoing network connections as ways to catch similar threats early.

COLDRIVER is linked to Russian interests and has a history of targeting former diplomats, journalists, and other well-known figures. In January 2024, the group used another piece of malware, called Spica, that could run remote commands and move files between infected computers.

LOSTKEYS shows that the group focuses on methods that do not rely only on stealing passwords.

Recently, North Korean hackers known as Contagious Interview created fake cryptocurrency consulting firms. How does the scam work? Read the full story.

Aaron S. Editor-In-Chief
Having completed a Master’s degree in Economics, Politics, and Cultures of the East Asia region, Aaron has written scientific papers analyzing the differences between Western and Collective forms of capitalism in the post-World War II era.
With close to a decade of experience in the FinTech industry, Aaron understands all of the biggest issues and struggles that crypto enthusiasts face. He’s a passionate analyst who is concerned with data-driven and fact-based content, as well as that which speaks to both Web3 natives and industry newcomers.
Aaron is the go-to person for everything and anything related to digital currencies. With a huge passion for blockchain & Web3 education, Aaron strives to transform the space as we know it, and make it more approachable to complete beginners.
Aaron has been quoted by multiple established outlets, and is a published author himself. Even during his free time, he enjoys researching the market trends, and looking for the next supernova.

Loading...
binance
×
Verified

$600 WELCOME BONUS

Earn Huge Exclusive Binance Learners Rewards
5.0 Rating