Experts from Kaspersky Lab (Kaspersky Global Emergency Response Team, GERT) have discovered instances of cryptocurrency and personal data theft targeting users of Windows and macOS worldwide.
According to Bluescreen.kz, the actions of the fraudsters resemble a full-scale campaign. It has even been given the name Tusk. It is reported that Russian-speaking cybercriminals may be behind the attacks.
"First, the attackers lure victims to phishing sites that mimic the design and interface of various legitimate services. To attract attention, they use popular topics such as web3, cryptocurrency, artificial intelligence, and online games. Some of the discovered pages masquerade as a crypto platform, an online role-playing game, and an AI translator," the statement reads.
_______________
For reference: phishing is a type of internet fraud aimed at obtaining users' identification data. This includes the theft of passwords, credit card numbers, bank account details, and other confidential information.
It has become known that the attackers are distributing so-called infostealers and clippers online.
"Infostealers are designed to steal confidential data (including logins and passwords), while clippers intercept data from the clipboard. For example, if a user copies a wallet address to the clipboard, a clipper can replace it with a malicious one," the statement says.
The fraudsters reportedly host the files used to download the malicious software on the file-hosting service Dropbox. After that, the victim lands on a website, where they are asked to log in or simply not to close the page while the attackers load other malicious files.
"Our analysis indicates that this is a carefully thought-out campaign. This is evidenced, among other things, by the fact that the attacks consist of several interconnected stages. It could be the work of a group or a single attacker pursuing financial goals," said Kirill Semyonov, head of the incident detection and response competence centre at Kaspersky Lab.