Key Takeaways
A new report from Google Threat Intelligence, published on May 7, shows that the hacking group COLDRIVER is using a tool called LOSTKEYS to steal documents from Western organizations.
The malware installation process follows four main steps. First, users are directed to a fake website that displays a false CAPTCHA screen. After interacting with it, a script is placed into the user’s clipboard.
The malware then checks the device for signs of security software and tries to avoid detection. In the final step, it downloads and installs the main program.
LOSTKEYS collects files with specific extensions from various folders. It also gathers information about the system and running programs and sends it back to COLDRIVER. Google Threat Intelligence identified the server used for this activity as 165.227.148.68.
Google Threat Intelligence has added the fake websites involved in this attack to its "Safe Browsing" feature to help protect users. The company has also recommended monitoring clipboard activity, checking PowerShell usage, and limiting unknown outgoing network connections as ways to catch similar threats early.
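The monitoring advice above, turned into a small log triage script. This is an added example, not code from the Google report or from BitDegree; it assumes a simplified key=value rendering of Sysmon-style process-creation and network-connection events, constructs its own sample lines, and uses only the server address the report names.

```python
"""Flag the two signals the report recommends watching for: PowerShell
launched the way a pasted one-liner would be, and outbound connections to
the server the report attributes to COLDRIVER. Log format is assumed."""
import re

# Only indicator used here: the address quoted in the report.
KNOWN_C2 = {"165.227.148.68"}

# Flags typical of a command meant to run unattended after being pasted.
SUSPICIOUS_PS_FLAGS = re.compile(
    r"-(?:w(?:indowstyle)?\s+hidden|e(?:nc|ncodedcommand)?\s|nop\b|"
    r"noprofile|ep\s+bypass|executionpolicy\s+bypass)", re.I)
# A parent like explorer.exe suggests a user typed/pasted the command.
INTERACTIVE_PARENTS = ("explorer.exe",)

def parse_event(line: str) -> dict:
    """Turn 'Key=value Key="quoted value"' into a lower-cased dict."""
    return {k.lower(): v.strip('"')
            for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def score_event(ev: dict) -> list:
    """Return the reasons an event looks suspicious (empty list if none)."""
    reasons = []
    if ev.get("eventid") == "1":  # process creation
        img = ev.get("image", "").lower()
        if img.endswith(("powershell.exe", "pwsh.exe")):
            if SUSPICIOUS_PS_FLAGS.search(ev.get("commandline", "")):
                reasons.append("powershell with hidden/encoded/bypass flags")
            if ev.get("parentimage", "").lower().endswith(INTERACTIVE_PARENTS):
                reasons.append("powershell spawned from interactive parent")
    elif ev.get("eventid") == "3":  # network connection
        if ev.get("destinationip") in KNOWN_C2:
            reasons.append("outbound connection to known COLDRIVER server")
    return reasons

def triage(lines: list) -> list:
    """Return (line_no, reasons) for each event that trips a rule."""
    return [(n, r) for n, line in enumerate(lines, 1)
            if (r := score_event(parse_event(line)))]

# Constructed sample events, not real telemetry. 203.0.113.10 is a
# documentation address standing in for ordinary benign traffic.
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE = [
    f'EventID=1 Image="{PS}" ParentImage="C:\\Windows\\explorer.exe" '
    'CommandLine="powershell -w hidden -ep bypass -enc SQBFAFgA..."',
    f'EventID=1 Image="{PS}" ParentImage="C:\\Tools\\sched.exe" '
    'CommandLine="powershell -File C:\\scripts\\backup.ps1"',
    f'EventID=3 Image="{PS}" DestinationIp=165.227.148.68 DestinationPort=443',
    'EventID=3 Image="C:\\Apps\\browser.exe" DestinationIp=203.0.113.10 DestinationPort=443',
]

if __name__ == "__main__":
    for n, reasons in triage(SAMPLE):
        print(f"event {n}: " + "; ".join(reasons))
```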
COLDRIVER is linked to Russian interests and has a history of targeting former diplomats, journalists, and other well-known figures. In January 2024, the group used another piece of malware, called Spica, that could run remote commands and move files between infected computers.
LOSTKEYS shows that the group's methods go beyond credential theft alone.