Threat actors steal over $1M using social engineering scams

Cybersecurity firm Darktrace reported that threat actors are employing an elaborate social engineering scheme to target cryptocurrency users and drain their wallets.

The scheme involves impersonating employees of fake startups in sectors such as AI, gaming, Web3, and social media to gain victims’ trust.

Compromised accounts on platforms like X are used to support the fraud, along with fabricated Medium articles and GitHub entries.

The fake representatives ask victims to test software in exchange for cryptocurrency payments.

Once the user downloads the software, a Cloudflare verification bubble appears, which begins extracting information from the victim’s computer.

This verification process is crafted to mimic legitimate security checks, making it difficult for users to recognise the threat until their data is compromised. The attackers often use convincing communication tactics and technical subterfuge to bypass common suspicions.

At a certain stage, credentials from cryptocurrency wallets are stolen.

Both Windows and Mac users have been targeted in these attacks.

Darktrace noted similarities between this scheme and the December 2024 Meeten campaign attacks.

Other social engineering attacks targeting crypto users have also been linked to groups allegedly associated with North Korea.

These scams highlight ongoing risks in the cryptocurrency space where threat actors use sophisticated methods to exploit users.

The report underscores the importance of vigilance when approached with unsolicited offers involving software downloads and cryptocurrency transactions.

Users are advised to verify identities carefully and avoid downloading software from untrusted sources.