- Cofense is warning about an ongoing phishing campaign
- Threat actors are impersonating Binance and promising their victims $TRUMP coins
- The victims are enticed to download ConnectWise RAT
Cybercriminals are taking advantage of the "TRUMP coin craze to steal people’s information and possibly other cryptocurrencies, Cofense has warned.
Earlier this year, US President Donald Trump launched a “memecoin” (a cryptocurrency coin made for fun) called $TRUMP. Following its launch, the price of the token soared by over 300% overnight.
Within two days, it became the 19th most valuable cryptocurrency globally, with a total trading value nearing $13 billion based on a $64 value per token for the 200 million tokens issued by the afternoon of January 19.
ConnectWise RAT
These kinds of events are golden opportunities for cybercriminals. As reported by Cofense, the threat actors made a fake Binance website which - while not perfect - does a good job at pretending to be the popular cryptocurrency exchange. The attackers then sent out phishing emails, telling their victims that they could redeem recently created $TRUMP coins, but only if they move fast and download “Binance Desktop”.
Instead of actually getting the exchange’s desktop client, the victims would install the ConnectWise RAT - a once-legitimate Remote Desktop Manager (RDM) exploited by cybercriminals to act as malware. As soon as the fake software is installed, the attackers would move in and try to take over the device.
This is somewhat unusual, Cofense said, since in most ConnectWise RAT cases the threat actor would interact with the victim after some time had passed. In any case, the RAT is then used to exfiltrate passwords saved in Microsoft Edge and other programs and applications supported by the Trojan.
Phishing campaigns often leverage current events, since they help create a sense of urgency. Fast-selling tickets to events such as the Olympics, or the World Cup, Black Friday deals, or cryptocurrency tokens quickly rising in prices, can trigger FOMO with the consumers, making them ideal foundations for a scam campaign.
You might also like
- Beware, that Social Security email could be hiding dangerous malware
- We've rounded up the best password managers
- Take a look at our guide to the best authenticator app
