Malware Campaign Spreads Fake Wallet Seed Phrases Through Hacked Mailing Lists

Decrypt
9 hours ago

Threat analysts have uncovered a sophisticated, two-pronged malware campaign targeting victims both inside and outside of the crypto industry.


In a recent report, cyber intelligence firm Silent Push identified the PoisonSeed malware campaign, which initially targets the users of bulk email providers including Mailchimp and SendGrid.



A fake Mailchimp page generated as part of the PoisonSeed malware campaign. Image: Silent Push

In one case, a content creator was sent a fraudulent message that claimed their account had been restricted—and they were duped into providing their login details through a bogus but "pixel-perfect" website.



A fake SendGrid page generated as part of the PoisonSeed malware campaign. Image: Silent Push

From here, their mailing lists are downloaded en masse, in a process that Silent Push describes as "extremely quick and likely automated."


The next step sees unsuspecting subscribers sent emails purporting to be from crypto exchange Coinbase, which claim that the exchange is "transitioning to self-custodial wallets."


A 12-word seed phrase is provided, which the victims of the scam are told to import into their account—but doing so would give malicious actors the freedom to drain all of the crypto out of their wallet.



PoisonSeed victims are sent a phishing email purporting to be from Coinbase. Image: Silent Push
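The two facts a defender needs from the paragraph above are that a genuine seed phrase is recognisable in transit and that whoever wrote it already holds the wallet it unlocks. The Python below is an added example, not code from the Decrypt article or from Silent Push: it implements the BIP-39 checksum check as a mail-filter rule, then carries the phrase through the standard BIP-39 (PBKDF2-HMAC-SHA512) and BIP-32 (HMAC-SHA512) derivations to show that the resulting master key is fixed entirely by the twelve words. The function names, the `WORD_INDEX` stub (only the two wordlist entries the test vector needs; a real deployment loads the full 2048-word English list) and the `SAMPLE_LURE` text are constructed for this illustration.

```python
"""
Added example; not code from the Decrypt article or from Silent Push.

Two defender-side facts behind the PoisonSeed lure:
  1. A genuine BIP-39 mnemonic is detectable: 12 or 24 words from the
     standard wordlist whose last word carries a checksum. No exchange
     emails seed phrases, so a mail filter can flag such a run outright.
  2. The mnemonic fully determines the wallet: BIP-39 PBKDF2 yields the
     seed and BIP-32 HMAC yields the master key, both deterministically.
     Whoever wrote the 12 words already holds the keys; "importing" the
     phrase only places the victim's funds under a key the sender owns.
"""
import hashlib
import hmac
import re
import unicodedata

# Constructed stub: only the entries the test vector needs. Production would
# use the standard BIP-39 English list (word -> index, 2048 entries), e.g.
#   WORD_INDEX = {w: i for i, w in enumerate(open("english.txt").read().split())}
WORD_INDEX = {"abandon": 0, "about": 3}


def bip39_checksum_ok(words, word_index=WORD_INDEX):
    """True if `words` is a mnemonic whose trailing checksum bits match SHA-256 of its entropy."""
    if len(words) not in (12, 15, 18, 21, 24) or any(w not in word_index for w in words):
        return False
    bits = "".join(format(word_index[w], "011b") for w in words)  # 11 bits per word
    cs_len = len(words) // 3                                       # checksum is ENT/32 bits
    ent_bits, cs_bits = bits[:-cs_len], bits[-cs_len:]
    entropy = int(ent_bits, 2).to_bytes(len(ent_bits) // 8, "big")
    first_byte = hashlib.sha256(entropy).digest()[0]
    return format(first_byte, "08b")[:cs_len] == cs_bits


def find_mnemonics(text, word_index=WORD_INDEX):
    """Return every 12- or 24-word run in `text` that passes the BIP-39 checksum."""
    tokens = re.findall(r"[a-z]+", text.lower())
    hits = []
    for n in (24, 12):
        for i in range(len(tokens) - n + 1):
            run = tokens[i:i + n]
            if bip39_checksum_ok(run, word_index):
                hits.append(" ".join(run))
    return hits


def bip39_seed(mnemonic, passphrase=""):
    """BIP-39: PBKDF2-HMAC-SHA512(mnemonic, 'mnemonic' + passphrase), 2048 rounds, 64 bytes."""
    def nfkd(s):
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic), nfkd("mnemonic" + passphrase), 2048)


def bip32_master_key(seed):
    """BIP-32: HMAC-SHA512 keyed 'Bitcoin seed'; left half is the master private key, right half the chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def triage_message(body, word_index=WORD_INDEX):
    """Mail-filter verdict: flag when a valid mnemonic is present, and fingerprint the key it fixes."""
    phrases = find_mnemonics(body, word_index)
    if not phrases:
        return {"flag": False, "reason": "no seed phrase found"}
    priv, _chain = bip32_master_key(bip39_seed(phrases[0]))
    return {
        "flag": True,
        "reason": "message carries a valid BIP-39 mnemonic; its author controls this wallet",
        "master_key_fingerprint": hashlib.sha256(priv).hexdigest()[:16],
    }


# Constructed sample lure modelled on the Coinbase-themed email described in the report.
SAMPLE_LURE = (
    "We are transitioning to self-custodial wallets. Import this recovery phrase: "
    "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about"
)

if __name__ == "__main__":
    print(triage_message(SAMPLE_LURE))
```

The checksum rule alone is a strong signal: a string of twelve or twenty-four dictionary words that validates against the BIP-39 wordlist almost never occurs in legitimate mail, so a gateway can quarantine such messages before a tired recipient sees them. The derivation half makes the second point concrete: two parties running `bip39_seed` and `bip32_master_key` on the same phrase get byte-identical keys, so a phrase received from anyone else is already theirs.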

One of the Mailchimp customers affected, Microsoft regional director Troy Hunt, said he received the phishing email when he was "really jet lagged and really tired," leaving him vulnerable.


Although the penny dropped that something wasn't right immediately after he entered his login details—and he promptly changed his password—the mailing list had already been exported.


"Reading it again now, that's a very well-crafted phish," Hunt wrote. "It socially engineered me into believing I wouldn't be able to send out my newsletter so it triggered 'fear,' but it wasn't all bells and whistles about something terrible happening if I didn't take immediate action. It created just the right amount of urgency without being over the top."


Silent Push said that it is treating PoisonSeed as distinct from two "loosely aligned threat actors" called Scattered Spider and CryptoChameleon, even though these campaigns use similar phishing domains and have targeted Coinbase and Ledger users in the past.


It's a sobering illustration that it isn't just consumers who need to be vigilant in the face of social engineering scams, but also content creators with large audiences for their newsletters.

