🔥 BitDegree partnered with Ogvio - a free international money transfer service! Join the waitlist & grab Rewards! 🎁
Crypto News Exploits
Google Threat Intelligence Exposes COLDRIVER’s New LOSTKEYS Malware

Google Threat Intelligence Exposes COLDRIVER’s New LOSTKEYS Malware

Aaron S. Editor-In-Chief
Written by Aaron S.,
Editor-In-Chief

✓ Fact Checked

Last Updated: May 08, 2025

✓ Fact Checked

Key Takeaways

  • ​Google reports COLDRIVER is using LOSTKEYS malware to steal documents from Western organizations;
  • LOSTKEYS spreads through fake CAPTCHA sites, clipboard scripts, and avoids security software;
  • Google added the fake sites to Safe Browsing and urges extra monitoring to catch threats early.

Stop overpaying - start transferring money with Ogvio. Join the waitlist & grab early Rewards NOW! 🎁

Google Threat Intelligence Exposes COLDRIVER’s New LOSTKEYS Malware

A new report from Google Threat Intelligence, published on May 7, shows that the hacking group COLDRIVER is using a tool called LOSTKEYS to steal documents from Western organizations.

The malware installation process follows four main steps. First, users are directed to a fake website that displays a false CAPTCHA screen. After interacting with it, a script is placed into the user’s clipboard.

The malware then checks the device for signs of security software and tries to avoid detection. In the final step, it downloads and installs the main program.

Best Crypto Analysis Indicators Explained (Beginner-Friendly Animation)

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

Best Crypto Analysis Indicators Explained (Beginner-Friendly Animation)

Best Crypto Analysis Indicators Explained (Beginner-Friendly Animation) Best Crypto Analysis Indicators Explained (Beginner-Friendly Animation)

LOSTKEYS collects files from various folders and extensions. It also gathers information about the system and active programs and sends it back to COLDRIVER. Google Threat Intelligence identified the server used for these activities as "165.227.148.68".

Google Threat Intelligence has added the fake websites involved in this attack to its "Safe Browsing" feature to help protect users. The company has also recommended monitoring clipboard activity, checking PowerShell usage, and limiting unknown outgoing network connections as ways to catch similar threats early.

COLDRIVER is linked to Russian interests and has a history of targeting former diplomats, journalists, and other well-known figures. In January 2024, the group used another piece of malware, called Spica, that could run remote commands and move files between infected computers.

LOSTKEYS shows that the group focuses on methods that do not rely only on stealing passwords.

Recently, North Korean hackers known as Contagious Interview created fake cryptocurrency consulting firms. How does the scam work? Read the full story.

Aaron S. Editor-In-Chief
Aaron S. Editor-In-Chief
Having completed a Master’s degree in Economics, Politics, and Cultures of the East Asia region, Aaron has written scientific papers analyzing the differences between Western and Collective forms of capitalism in the post-World War II era.
With close to a decade of experience in the FinTech industry, Aaron understands all of the biggest issues and struggles that crypto enthusiasts face. He’s a passionate analyst who is concerned with data-driven and fact-based content, as well as that which speaks to both Web3 natives and industry newcomers.
Aaron is the go-to person for everything and anything related to digital currencies. With a huge passion for blockchain & Web3 education, Aaron strives to transform the space as we know it, and make it more approachable to complete beginners.
Aaron has been quoted by multiple established outlets, and is a published author himself. Even during his free time, he enjoys researching the market trends, and looking for the next supernova.
See Our Experts
Loading...

The Most Liked Crypto News Findings

Looking for more latest crypto news on related topic? We have gathered similar news articles for you to spare your time. Take a look!

Balancer Introduces $8 Million Payout Plan After $116 Million Hack Fallout

Exploits

Balancer Introduces $8 Million Payout Plan After $116 Million Hack Fallout

Malicious Chrome Add-on 'Crypto Copilot' Slips Fees Into Raydium Trades

Exploits

Malicious Chrome Add-on 'Crypto Copilot' Slips Fees Into Raydium Trades

Upbit Halts Solana Transfers After $36 Million Crypto Heist

Exploits

Upbit Halts Solana Transfers After $36 Million Crypto Heist

Latest Crypto News & Videos

Balancer Introduces $8 Million Payout Plan After $116 Million Hack Fallout

Exploits

Balancer Introduces $8 Million Payout Plan After $116 Million Hack Fallout

UK Proposes No-Gain, No-Loss Tax Rules for DeFi Lending and Liquidity

DeFi

UK Proposes No-Gain, No-Loss Tax Rules for DeFi Lending and Liquidity

South Africa Reserve Bank Hits Pause on Retail CBDC Plans

Regulation

South Africa Reserve Bank Hits Pause on Retail CBDC Plans

Remittance Explained: Will This Newcomer Change the Game? (ANIMATED) Remittance Explained: Will This Newcomer Change the Game? (ANIMATED)
VIDEO

Remittance Explained: Will This Newcomer Change the Game? (ANIMATED)

Toobit Tutorial For Beginners (FULL Animated 2025 Guide) Toobit Tutorial For Beginners (FULL Animated 2025 Guide)
VIDEO

Toobit Tutorial For Beginners (FULL Animated 2025 Guide)

Copy Trading Guide for Beginners (ANIMATED EXAMPLES) Copy Trading Guide for Beginners (ANIMATED EXAMPLES)
VIDEO

Copy Trading Guide for Beginners (ANIMATED EXAMPLES)

Trending Crypto News

Bitcoin's stuck… is the breakout coming?

Bitcoin's stuck… is the breakout coming?

South Korea Expands Anti–Money Laundering Regulations for Crypto

South Korea Expands Anti–Money Laundering Regulations for Crypto

Hong Kong Fire Sparks Crypto Fundraiser: Exchanges Race to Aid Victims

Hong Kong Fire Sparks Crypto Fundraiser: Exchanges Race to Aid Victims

IMF Flags Fragmentation and Flash Crash Threats in Tokenized Markets

IMF Flags Fragmentation and Flash Crash Threats in Tokenized Markets

Ledger Square
binance
×
Verified

GET EARLY REWARDS

Join Ogvio Waitlist
Rating
5.0
Get deal
×
BitDegree.org

BitDegree.org

Fact-checking Standards

To ensure the highest level of accuracy & most up-to-date information, BitDegree.org is regularly audited & fact-checked by following strict editorial guidelines & review methodology.
Carefully selected industry experts contribute their real-life experience & expertise to BitDegree's content. Our extensive Web3 Expert Network is compiled of professionals from leading companies, research organizations and academia.

All the content on BitDegree.org meets these criteria:

  • Only authoritative sources like academic associations or journals are used for research references while creating the content.
  • The real context behind every covered topic must always be revealed to the reader.
  • If there's a disagreement of interest behind a referenced study, the reader must always be informed.
Feel free to contact us if you believe that content is outdated, incomplete, or questionable.
×
Subscribe

Subscribe

On Youtube

Understand crypto with ease

New explainer videos every week!