Cybersecurity specialists from Darktrace have uncovered a sophisticated cryptocurrency theft scheme where attackers pose as legitimate AI, gaming, and Web3 initiatives. These malicious actors employ social engineering techniques to deceive users into installing malware camouflaged as beta-testing applications, luring victims with promises of cryptocurrency rewards.
According to recent investigations detailed in "Scammers Disguised as Startups: New Virus Steals Crypto via Fake Test Apps", the fraudsters operate through popular platforms including X (formerly Twitter), Telegram, and Discord. They cleverly use compromised accounts and authentic-looking startup documentation to establish credibility.
The attackers direct potential victims to phishing websites that expertly mimic legitimate companies. Once installed, the malware silently gathers sensitive system information—including CPU specifications, MAC addresses, and unique device identifiers—which is then used to breach cryptocurrency wallets.
What makes this threat particularly dangerous is its cross-platform capability, functioning on both Windows and macOS systems. Security analysts note that the malware's techniques resemble those previously employed by the infamous Crazy Evil hacking collective, suggesting either imitation or possible connection to the group.