Scammers Exploit AI & Web3 Hype to Spread Sophisticated Crypto Malware
A fresh wave of highly advanced crypto-stealing malware is sweeping across the web, as cybercriminals increasingly disguise themselves behind fake AI, Web3, and gaming startups. These fraudsters leverage the excitement surrounding future technologies to lure unsuspecting victims into downloading malicious software under the guise of testing “innovative apps.”
Cybersecurity firm Darktrace has issued a stark warning: these scams are carefully crafted social engineering campaigns, weaponizing the trust people place in startup culture.
Fake Companies, Real Losses
The attackers have gone to extreme lengths to make their phony companies look legitimate. They build fake websites, polished GitHub pages, social profiles, whitepapers, and even detailed fake “About Us” team pages — sometimes hosted on platforms like Notion.
To boost credibility, they often tie these sites to seemingly authentic or compromised X (formerly Twitter) accounts, regularly posting fake updates, blogs, and announcements to reinforce their lies.
Gaming & AI Used as Bait
One of the fraudulent projects uncovered was a fake blockchain game called Eternal Decay. Its creators fabricated screenshots of alleged conference appearances and made up investor lists. The stolen in-game visuals were traced back to an entirely unrelated game, Zombie Within.
Other fake brands linked to these schemes include:
- Pollens AI
- Swox
- Buzzu
All these “startups” share similar branding, design, and backend code, further proving this is a coordinated scam.
How the Malware Infects You
Victims are typically contacted through X, Telegram, or Discord, where scammers pretend to be startup employees offering rewards like crypto in exchange for testing new software. Users receive a registration code and a link to a professional-looking download page — but the apps are loaded with malware.
Darktrace’s analysis identified malware targeting both Windows and macOS systems:
- Windows: The malware uses Electron-based apps to gather device data, silently download malicious payloads, and execute them.
- macOS: Users download disguised DMG installers containing Atomic Stealer malware, which harvests browser data, wallet credentials, and sensitive files, sending them to hacker-controlled servers.
These malicious tools use advanced evasion methods: stolen certificates, obfuscation, and stealth background operations to avoid detection.
The Threat Group Behind the Scheme
Darktrace connects these tactics to a previously identified malware gang known as CrazyEvil, which security firm Recorded Future flagged earlier this year. While it’s not confirmed if CrazyEvil runs this exact campaign, the patterns are strikingly similar:
- Fake companies
- Sophisticated social engineering
- Focus on crypto-related targets
Crypto Crime in 2025: The Bigger Picture
The crypto crime surge is only escalating. Malware campaigns and credential theft are pushing 2025 toward record-breaking crypto losses.
Kaspersky reports:
- 83.4% YoY increase in crypto-related phishing attacks
- 3.6x spike in mobile banking trojans
- Traditional bank malware? Declining.
→ Attackers are moving away from fiat and zeroing in on crypto wallets.
Emerging Threat: “SparkKitty”
A new mobile malware strain called SparkKitty has been wreaking havoc since early 2024. Masquerading as TikTok mods or crypto apps, it infiltrated even Google Play and Apple’s App Store. It uses OCR technology to scan screenshots of seed phrases stored in photo galleries.
SparkKitty evolved from the earlier SparkCat campaign and specializes in stealing crypto credentials right from user devices.
Unexpected Attack Vectors
In May, security analysts traced malware back to Procolored, a Chinese printer manufacturer. Their official printer drivers carried a hidden remote access trojan, hijacking copied wallet addresses during transactions — swapping them with hacker-controlled addresses.
Massive Credential Leaks Raise Stakes
A data breach exposed by Cybernews revealed over 16 billion stolen credentials, collected largely via infostealer malware. These include access to platforms like Telegram, GitHub, and Apple — further heightening risks for crypto holders managing digital assets online.
Combined with CertiK’s estimate of $2.2 billion lost in crypto attacks during H1 2025, this paints a bleak but realistic picture of how cybercriminals are evolving.
Final Thoughts
The lesson here is simple: if it looks too good to be true, it is. Whether it's a flashy AI startup or the “next big” blockchain game, always verify sources independently.
Crypto malware campaigns are no longer amateurish. They’re professional, well-funded, and highly convincing.
Stay alert. Protect your wallets. Trust, but verify.
