🎁 Ace quick missions & earn crypto rewards while gaining real-world Web3 skills. JOIN NOW! 🔥
Ledger
Crypto News Exploits
Google Threat Intelligence Exposes COLDRIVER’s New LOSTKEYS Malware

Google Threat Intelligence Exposes COLDRIVER’s New LOSTKEYS Malware

Aaron S. Editor-In-Chief
Written by Aaron S.,
Editor-In-Chief

✓ Fact Checked

Last Updated: May 08, 2025

✓ Fact Checked

Key Takeaways

  • ​Google reports COLDRIVER is using LOSTKEYS malware to steal documents from Western organizations;
  • LOSTKEYS spreads through fake CAPTCHA sites, clipboard scripts, and avoids security software;
  • Google added the fake sites to Safe Browsing and urges extra monitoring to catch threats early.

Ace quick missions & earn crypto rewards while gaining real-world Web3 skills. Participate Now ! 🔥

Google Threat Intelligence Exposes COLDRIVER’s New LOSTKEYS Malware

A new report from Google Threat Intelligence, published on May 7, shows that the hacking group COLDRIVER is using a tool called LOSTKEYS to steal documents from Western organizations.

The malware installation process follows four main steps. First, users are directed to a fake website that displays a false CAPTCHA screen. After interacting with it, a script is placed into the user’s clipboard.

The malware then checks the device for signs of security software and tries to avoid detection. In the final step, it downloads and installs the main program.

What is ENS? Ethereum Name Service Explained (ANIMATED)

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

What is ENS? Ethereum Name Service Explained (ANIMATED)

What is ENS? Ethereum Name Service Explained (ANIMATED) What is ENS? Ethereum Name Service Explained (ANIMATED)

LOSTKEYS collects files from various folders and extensions. It also gathers information about the system and active programs and sends it back to COLDRIVER. Google Threat Intelligence identified the server used for these activities as "165.227.148.68".

Google Threat Intelligence has added the fake websites involved in this attack to its "Safe Browsing" feature to help protect users. The company has also recommended monitoring clipboard activity, checking PowerShell usage, and limiting unknown outgoing network connections as ways to catch similar threats early.

COLDRIVER is linked to Russian interests and has a history of targeting former diplomats, journalists, and other well-known figures. In January 2024, the group used another piece of malware, called Spica, that could run remote commands and move files between infected computers.

LOSTKEYS shows that the group focuses on methods that do not rely only on stealing passwords.

Recently, North Korean hackers known as Contagious Interview created fake cryptocurrency consulting firms. How does the scam work? Read the full story.

Aaron S. Editor-In-Chief
Aaron S. Editor-In-Chief
Having completed a Master’s degree in Economics, Politics, and Cultures of the East Asia region, Aaron has written scientific papers analyzing the differences between Western and Collective forms of capitalism in the post-World War II era.
With close to a decade of experience in the FinTech industry, Aaron understands all of the biggest issues and struggles that crypto enthusiasts face. He’s a passionate analyst who is concerned with data-driven and fact-based content, as well as that which speaks to both Web3 natives and industry newcomers.
Aaron is the go-to person for everything and anything related to digital currencies. With a huge passion for blockchain & Web3 education, Aaron strives to transform the space as we know it, and make it more approachable to complete beginners.
Aaron has been quoted by multiple established outlets, and is a published author himself. Even during his free time, he enjoys researching the market trends, and looking for the next supernova.
See Our Experts
Loading...

The Most Liked Crypto News Findings

Looking for more latest crypto news on related topic? We have gathered similar news articles for you to spare your time. Take a look!

Cetus Seeks Green Light to Recover $162 Million in Frozen Crypto

Exploits

Cetus Seeks Green Light to Recover $162 Million in Frozen Crypto
Solana Co-Founder Raj Gokal Doxxed in Migos Instagram Account Hack

Exploits

Solana Co-Founder Raj Gokal Doxxed in Migos Instagram Account Hack
Cetus Hit by Exploit—$220 Million Gone, $6 Million Bounty on the Table

Exploits

Cetus Hit by Exploit—$220 Million Gone, $6 Million Bounty on the Table

Latest Crypto News & Videos

Crypto in Limbo: Former CFTC Chair Behnam Says US Needs Real Rules

Regulation

Crypto in Limbo: Former CFTC Chair Behnam Says US Needs Real Rules
Telegram to Get Grok AI Bot as xAI Closes in on $300 Million Deal

Business

Telegram to Get Grok AI Bot as xAI Closes in on $300 Million Deal
Libra Wallets Locked: $58 Million in USDC Frozen By Court Order

Regulation

Libra Wallets Locked: $58 Million in USDC Frozen By Court Order
The Most Rewarding Play-to-Earn Project? BitDegree Explained (ANIMATED) The Most Rewarding Play-to-Earn Project? BitDegree Explained (ANIMATED)
VIDEO
The Most Rewarding Play-to-Earn Project? BitDegree Explained (ANIMATED)
What Are Crypto Quests? EASIEST Ways to Earn Rewards Explained What Are Crypto Quests? EASIEST Ways to Earn Rewards Explained
VIDEO
What Are Crypto Quests? EASIEST Ways to Earn Rewards Explained
What Is Chia? | Crypto Finally Explained What Is Chia? | Crypto Finally Explained
VIDEO
What Is Chia? | Crypto Finally Explained

Trending Crypto News

AI-Powered Hard Hats? Buildots Raises $45 Million to Scale Up

AI-Powered Hard Hats? Buildots Raises $45 Million to Scale Up

Russia Approves Crypto-Tied Investments With Strict Limits

Russia Approves Crypto-Tied Investments With Strict Limits

Fed minutes dropped - and it’s not good vibes

Fed minutes dropped - and it’s not good vibes

GameStop Joins the Bitcoin Club With $513 Million Crypto Bet

GameStop Joins the Bitcoin Club With $513 Million Crypto Bet

Ledger
Binance
KuCoin
Ledger
binance
×
Verified

$600 WELCOME BONUS

Earn Huge Exclusive Binance Learners Rewards
5.0 Rating
Get deal
See all Provider Coupons
×
BitDegree.org

BitDegree.org

Fact-checking Standards

To ensure the highest level of accuracy & most up-to-date information, BitDegree.org is regularly audited & fact-checked by following strict editorial guidelines & review methodology.
Carefully selected industry experts contribute their real-life experience & expertise to BitDegree's content. Our extensive Web3 Expert Network is compiled of professionals from leading companies, research organizations and academia.

All the content on BitDegree.org meets these criteria:

  • Only authoritative sources like academic associations or journals are used for research references while creating the content.
  • The real context behind every covered topic must always be revealed to the reader.
  • If there's a disagreement of interest behind a referenced study, the reader must always be informed.
Feel free to contact us if you believe that content is outdated, incomplete, or questionable.
×
Subscribe

Subscribe

On Youtube

Understand crypto with ease

New explainer videos every week!