CoinTelegraph 2025-05-07 18:43:36

COLDRIVER using new malware to steal from Western targets — Google

Threat group COLDRIVER is using new malware to steal documents from Western targets, according to a May 7 report from Google Threat Intelligence. The malware, called LOSTKEYS, shows the evolution of the group from credential phishing to more sophisticated attacks. According to the Google report, the new malware is installed through four steps. The process involves a “lure website” with a fake CAPTCHA, a PowerShell script downloaded to the user’s clipboard, some device evasion, and retrieval of the final payload. Lastly, the malware is installed. LOSTKEYS payload delivery. Source: Google LOSTKEYS is capable of stealing files from extensions and directories. It can also send system information and running processes back to COLDRIVER. The address from which the parts of the attack come is “165.227.148[.]68” according to Google. The company says it has already taken steps to mitigate any damage the LOSTKEYS malware will cause, including adding the malicious websites to the company’s “Safe Browsing” feature. According to Google, COLDRIVER is a Russian-backed threat group that typically engages in phishing attempts at high-profile Western targets, such as former diplomats, and journalists. In January 2024, it started an attack with a malware called “Spica,” which can execute arbitrary shell commands and download or upload software. Related: Crypto drainers now sold as easy-to-use malware at IT industry fairs Crypto hack losses hit all-time high in 2025 Crypto hacks have surged in 2025, with total losses reaching $2 billion in the first quarter alone — exceeding all losses recorded in 2024 . According to a report by crypto cybersecurity firm Hacken, operational flaws and weak access controls remain key vulnerabilities — even among major centralized and decentralized players. Attackers are also increasingly using social engineering tactics to gain victims’ trust. Contributing to last quarter's losses was the $1.5 billion hack of cryptocurrency exchange Bybit . The February attack was reportedly orchestrated by the Lazarus Group . Magazine: Lazarus Group’s favorite exploit revealed — Crypto hacks analysis

Related News

Reddit Cracks Down After AI Bots Secretly Infiltra...
08 May 2025
Jump Crypto Takes Strategic Stake in Securitize to...
08 May 2025
Hedera (HBAR) Seeks Breakout as Indicators Suggest...
08 May 2025
UAE Approves Ripple-Backed Hidden Road to Open Abu...
08 May 2025
Meta back in stablecoin talks three years after ph...
08 May 2025
SEC Files Settlement Agreement Letter: Here is Wha...
08 May 2025

Read the Disclaimer : All content provided herein our website, hyperlinked sites, associated applications, forums, blogs, social media accounts and other platforms (“Site”) is for your general information only, procured from third party sources. We make no warranties of any kind in relation to our content, including but not limited to accuracy and updatedness. No part of the content that we provide constitutes financial advice, legal advice or any other form of advice meant for your specific reliance for any purpose. Any use or reliance on our content is solely at your own risk and discretion. You should conduct your own research, review, analyse and verify our content before relying on them. Trading is a highly risky activity that can lead to major losses, please therefore consult your financial advisor before making any decision. No content on our Site is meant to be a solicitation or offer.

COLDRIVER using new malware to steal from Western targets — Google

Most Read News

Related News