Hackers are spreading a malicious remote access tool through an email campaign that targets people interested in buying President Donald Trump’s cryptocurrency through the Binance platform.

The emails are made to look like they come from Binance — currently the largest cryptocurrency platform in the world — and offer the ability to earn TRUMP coins through various actions like installing Binance software, registering an account on the platform and depositing funds. The emails take multiple steps to impersonate Binance, using the name of the company in the sender’s name and even including a “risk warning” in an effort to make the emails look legitimate.

The fake website that greets victims is also painstakingly designed to look legitimate, using real images from the Binance and TRUMP coin websites. The download link on the site downloads the installer for the malicious version of ConnectWise instead of Binance’s desktop platform.

Cybersecurity researchers at Cofense told Recorded Future News that they are unsure of who is behind the recent campaign, which allows the hackers to steal information from infected computers. The researchers said that if victims follow the instructions in the email and hit the download link to get the TRUMP coins, they instead install a malicious version of a remote access tool known as ConnectWise. “This is in contrast to most ConnectWise RAT installations where the threat actor will only decide to interact with an infected host after some time has passed,” Cofense explained.

Max Gannon, Intelligence Manager at Cofense, said the company has seen a wide variety of threat actors abuse ConnectWise recently. “Moreover because it is technically legitimate there are a large number of files that it uses which cannot simply be blocked because they are also used by legitimate installations of ConnectWise RAT,” Cofense’s name for the malicious version. Gannon said that, due to its simplicity, ConnectWise RAT can be used by threat actors of varying skill levels — from people who really don’t know what they are doing all the way up to advanced persistent threat (APT) groups trying to disguise their activities.

Cofense has released multiple reports this year on various phishing campaigns deploying ConnectWise RAT.

Trump announced the coin ahead of his inauguration in January and companies tied to the president allegedly earned millions from it, prompting ethics experts and even cryptocurrency advocates to raise severe concerns about corruption.
This Cyber News was published on therecord.media. Publication date: Mon, 10 Mar 2025 16:45:11 +0000