Cybersecurity analysts have discovered a new phishing campaign aimed at crypto users, utilizing FatalRAT alongside Clipper and Keylogger malware. Cyble Research and Intelligence Labs have exposed this phishing campaign targeting Chinese crypto investors and organizations, specifically those using the Exodus crypto wallet.
In a recent blog post, the cybersecurity experts detailed how unknown threat actors have set up a fake website resembling the Exodus crypto wallet interface to deceive victims into unknowingly sharing their private information. Once users fall for the trap and download the software posing as legitimate Exodus installers from the phishing site, they unwittingly install FatalRAT, a type of malware that enables hackers to remotely control the victim’s computer.
The malicious program also tricks users by initiating the Exodus installation process, making it seem legitimate, while diverting their attention to conceal its true malicious intent.
Cyble disclosed that alongside the Exodus program, the installer also deploys other harmful components like Clipper and Keylogger, designed to intercept and modify clipboard data on the victim’s computer. The analysts highlighted that the hackers have implemented new DLL side-loading techniques to avoid detection this time. While the scale of the attack remains unclear, the hackers seem to be focusing on Chinese crypto investors and companies by using Chinese-language installers, as per Cyble’s observations.