Crypto-Stealing Malware Surges as Scammers Impersonate AI, Web3 Startups — Here’s the Catch

By: CryptoNews
2025/07/11 19:27

A new wave of sophisticated crypto-stealing malware is spreading across the internet as scammers create fake AI, gaming, and Web3 startups to lure victims into downloading malicious software.

Cybersecurity firm Darktrace has raised the alarm, detailing how these campaigns operate through elaborate social engineering tactics that exploit trust in digital startups.

Attackers are setting up fake companies with convincing websites, social media profiles, GitHub repositories, white papers, and even fake team pages on platforms like Notion.

Many of the sites also appear to be linked to verified or compromised X (formerly Twitter) accounts to appear more legitimate. The fake accounts often post software updates, blog content, and product announcements to maintain the illusion of authenticity.

“Threat actors are going to great lengths to make these fake startups look real,” the firm stated, adding that the scam has already impacted users globally.

Victims are often contacted directly on platforms like X, Telegram, or Discord, with the impersonators presenting themselves as employees of the fake firms, offering cryptocurrency in exchange for testing their software.

Users are then given a registration code and directed to download malware-infected applications from professional-looking websites.

Image: Example of a threat actor messaging a victim on X with a registration code. Source: Darktrace

Darktrace Warns of Advanced Malware Campaign Targeting Crypto Users

One of the identified schemes involved a fake blockchain game called “Eternal Decay,” which used altered images to claim conference participation and listed fake investors. Gameplay images were also lifted from another game called “Zombie Within.” Other noted fake startups include names like Pollens AI, Swox, and Buzzu, with nearly identical branding and codebases.

According to Darktrace, the malware, targeting both Windows and macOS users, is capable of stealing crypto wallet credentials and personal information, using tools like the Realst and Atomic Stealer malware families.

Darktrace technical analysis shows that on Windows, the attackers use Electron-based apps to perform system profiling, download malicious files, and execute them quietly.

Image: Code from the Electron app showing console output of system profiling. Source: Darktrace

On macOS, a disguised DMG file installs the Atomic Stealer, which collects browser data, wallet credentials, and other sensitive files before sending them to attacker-controlled servers.

Image: Obfuscated Bash script. Source: Darktrace

Darktrace noted that the malware includes advanced evasion techniques, such as stolen software signing certificates, obfuscation, and persistent background execution to avoid detection.

“This is one of the more elaborate and persistent social engineering campaigns we’ve seen targeting the crypto space,” said a Darktrace researcher familiar with the investigation.

“They’re building out fake companies with all the digital trimmings — even fake merchandise stores and doctored company registrations — just to get users to download malware,” they added.

Notably, Darktrace believes the tactics resemble those previously linked to a malware group known as “CrazyEvil,” identified by Recorded Future earlier this year. That group was known for targeting crypto users and developers through fake projects and social engineering techniques.

While it’s unclear whether CrazyEvil is directly responsible for this campaign, the tactics appear consistent. Darktrace warned that the threat actors are using newer variants of malware and more elaborate deception methods to lure victims.

Malware Campaigns and Credential Breaches Fuel 2025 Crypto Crime Surge

The rise in crypto-targeted scams hasn’t slowed down, and now, a wave of highly coordinated malware and credential breaches is pushing 2025 toward record-breaking crypto losses.

According to Kaspersky’s Financial Cyberthreats report, crypto phishing detections have surged 83.4% year-over-year, while mobile banking Trojan attacks have increased 3.6x.

In contrast, traditional banking malware has declined, indicating a shift in attacker priorities from fiat systems to crypto wallets.

One of the most alarming developments is “SparkKitty,” a sophisticated mobile malware strain active since February 2024.

Notably, the tool, which was disguised as TikTok mods or crypto apps, has infiltrated Google Play and the App Store, bypassing security checks to steal seed phrases stored in user photo galleries.

SparkKitty, an evolution of the earlier SparkCat campaign, uses OCR technology to scan screenshots of wallet credentials from infected devices.

Meanwhile, in May, cybersecurity analysts traced malware back to Procolored, a Chinese printer manufacturer. The printer’s official drivers carried a crypto-stealing remote access trojan that replaced wallet addresses copied to the clipboard with attacker-controlled ones.

The scheme went undetected for six months, resulting in the theft of 9.3 BTC, worth nearly $1 million.
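The clipboard-swapping behaviour described above (a "clipper") can be spotted from the defender's side by watching for a wallet address that changes into another address of the same type without any user copy action. The following is an added illustration, not code from Darktrace, Kaspersky or the article: it runs the heuristic over a constructed sequence of clipboard snapshots rather than a live clipboard, and the address patterns are simplified format checks, not full checksum validation.

```python
import re
from dataclasses import dataclass

# Simplified address-format patterns (constructed for this example; they check
# shape only, not Base58Check/bech32 checksums).
ADDRESS_PATTERNS = {
    "btc_base58": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{8,87}$"),
    "evm": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_kind(text):
    """Return the address family a clipboard string looks like, or None."""
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return kind
    return None

@dataclass
class Snapshot:
    ts: float        # seconds since monitoring started
    content: str     # clipboard text observed at that moment
    user_copy: bool  # True if a user copy event was observed at this time

def detect_clipboard_swaps(snapshots, max_gap=2.0):
    """Flag transitions where one address silently became a different address
    of the same family within max_gap seconds and with no user copy event.
    Returns (ts, original, replacement) tuples."""
    alerts = []
    for prev, cur in zip(snapshots, snapshots[1:]):
        prev_kind, cur_kind = address_kind(prev.content), address_kind(cur.content)
        if (prev_kind and prev_kind == cur_kind
                and prev.content != cur.content
                and not cur.user_copy
                and cur.ts - prev.ts <= max_gap):
            alerts.append((cur.ts, prev.content, cur.content))
    return alerts

# Constructed sample: placeholder addresses, not real wallets.
LEGIT_BTC = "1DefenderTestAddrConstructedAAAAAAA"
SWAPPED_BTC = "1AttackerSwapAddrConstructedBBBBBBB"
LEGIT_EVM = "0x" + "ab" * 20

def sample_snapshots():
    return [
        Snapshot(0.0, LEGIT_BTC, True),     # user copies their own address
        Snapshot(0.3, SWAPPED_BTC, False),  # clipboard changes with no copy: suspicious
        Snapshot(10.0, LEGIT_EVM, True),    # user copies an EVM address
        Snapshot(25.0, "meeting notes", True),  # ordinary copy, not an address
    ]

if __name__ == "__main__":
    for ts, before, after in detect_clipboard_swaps(sample_snapshots()):
        print(f"[{ts:.1f}s] address swapped: {before} -> {after}")
```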

Adding to the threat, a massive data breach uncovered by Cybernews revealed over 16 billion login credentials, many collected via infostealer malware.

The breach included sensitive access data from platforms like Telegram, GitHub, and Apple, escalating risks for crypto users managing assets online.

Combined with CertiK’s estimate of $2.2 billion lost to crypto attacks in H1 2025, these incidents indicate the growing sophistication of cybercrime targeting digital assets.
