- A new phishing campaign targets customers of bulk email service providers such as Mailchimp
- The campaign sends unsolicited emails to those customers, duping them into revealing their login credentials for the bulk email service
- The malicious actors then export each victim's mailing list and use it to target crypto and non-crypto users
Malicious actors are now targeting customers of bulk email service providers such as Mailchimp and SendGrid in a new crypto-focused phishing campaign. Phishing emails sent to those customers aim to steal their login credentials; the attackers then export the victim's mailing list and use it to further their scheme. Emailing from the stolen lists, they target crypto exchange and wallet users with "pixel-perfect" cloned websites, and because the recipients already trust the sender, the approach increases both the number of victims and the amount of stolen funds.
The “PoisonSeed” Campaign
According to a report by Silent Push, a cyber intelligence firm, the campaign is tracked as "PoisonSeed". Silent Push noted that "email providers appear to be targeted mainly to provide infrastructure for cryptocurrency spam operations."
With a victim's mailing list in hand, the threat actors email the crypto exchange users on it an attacker-generated seed phrase in an attempt to drain their wallets. In one email sent to a Coinbase user, the actors claimed that the exchange was moving from custodial accounts to non-custodial wallets such as Coinbase Wallet.
Recipients are asked to migrate their assets to a supported wallet using the provided seed phrase, which the email presents as their "identity" on the exchange. Any funds moved into a wallet created from that phrase belong to whoever holds the phrase, so the attackers, who generated it, simply drain the wallet. The practitioner's check is simple: a legitimate exchange or wallet never sends a seed phrase; the phrase is only ever generated on the user's own device, and any message that supplies one is a scam.
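Because a seed phrase in an inbound email is never legitimate, the "poisoned seed" lure described above can be flagged mechanically at the mail gateway. The following is an added example, not code from the article or from Silent Push: it scans a message for runs of 12 to 24 consecutive BIP-39 words and confirms the BIP-39 checksum so that ordinary English prose made of common words does not trigger it, then pairs that with the wallet-migration wording the campaign uses. The sample emails are constructed for the demo. The file path `bip39_english.txt` is an assumed location for the full 2048-word list; when it is absent the code falls back to a constructed subset (the first 16 real BIP-39 words, in list order, so their indices match the real list), which is enough to detect the well-known all-"abandon" test mnemonic but not arbitrary phrases.

```python
import hashlib
import re
from pathlib import Path

# Constructed demo subset: the first 16 words of the real BIP-39 English
# wordlist, in list order, so indices 0..15 match the real list.
DEMO_WORDS = [
    "abandon", "ability", "able", "about", "above", "absent", "absorb",
    "abstract", "absurd", "abuse", "access", "accident", "acid", "acoustic",
    "acquire", "across",
]
WORDLIST_PATH = Path("bip39_english.txt")  # assumed location; not shipped here

# Wording the campaign relies on (from the email described in the article).
TRIGGER_TERMS = re.compile(
    r"seed phrase|recovery phrase|secret phrase|migrat\w*|non-custodial", re.I
)


def load_wordlist():
    """Use the full 2048-word list if present, else the demo subset."""
    if WORDLIST_PATH.exists():
        words = WORDLIST_PATH.read_text().split()
        if len(words) == 2048:
            return words
    return DEMO_WORDS


def valid_checksum(words, wordlist):
    """BIP-39: each word is 11 bits; the last ENT/32 bits are the first bits
    of SHA-256(entropy). 12 words -> 128-bit entropy + 4-bit checksum."""
    n = len(words)
    if n not in (12, 15, 18, 21, 24):
        return False
    index = {w: i for i, w in enumerate(wordlist)}
    try:
        bits = "".join(format(index[w], "011b") for w in words)
    except KeyError:
        return False
    cs_len = n * 11 // 33
    ent_bits, cs_bits = bits[:-cs_len], bits[-cs_len:]
    entropy = int(ent_bits, 2).to_bytes(len(ent_bits) // 8, "big")
    digest_bits = "".join(format(b, "08b") for b in hashlib.sha256(entropy).digest())
    return digest_bits[:cs_len] == cs_bits


def find_mnemonics(text, wordlist):
    """Return checksum-valid mnemonics found as consecutive tokens in text.
    Longest lengths are tried first so a 24-word phrase is not also reported
    as its 12-word sub-windows."""
    tokens = re.findall(r"[a-z]+", text.lower())
    wordset = set(wordlist)
    covered = set()
    found = []
    for length in (24, 21, 18, 15, 12):
        for i in range(len(tokens) - length + 1):
            if any(j in covered for j in range(i, i + length)):
                continue
            window = tokens[i:i + length]
            if all(w in wordset for w in window) and valid_checksum(window, wordlist):
                found.append(" ".join(window))
                covered.update(range(i, i + length))
    return found


def classify_email(body, wordlist):
    """Return (verdict, mnemonics, trigger_terms) for one message body."""
    mnemonics = find_mnemonics(body, wordlist)
    triggers = sorted({m.group(0).lower() for m in TRIGGER_TERMS.finditer(body)})
    if mnemonics:
        return "BLOCK: message contains a checksum-valid seed phrase", mnemonics, triggers
    if triggers:
        return "REVIEW: wallet-migration wording without a seed phrase", mnemonics, triggers
    return "PASS", mnemonics, triggers


# Constructed sample messages (not real campaign emails).
SAMPLE_PHISH = """Subject: Action required: Coinbase is moving to self-custody
Coinbase is migrating customer assets from custodial accounts to Coinbase Wallet.
Your recovery phrase below represents your identity on the exchange. Import it
into Coinbase Wallet and transfer your assets before the deadline:

abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about
"""
SAMPLE_BENIGN = "Access to the absent account was about to be abandoned above the acid line."

if __name__ == "__main__":
    wl = load_wordlist()
    for body in (SAMPLE_PHISH, SAMPLE_BENIGN):
        verdict, phrases, terms = classify_email(body, wl)
        print(verdict, phrases, terms)
```

The checksum step is what makes the rule usable at scale: with the full wordlist, a random run of twelve list words passes the checksum only one time in sixteen, and a run of twenty-four only one time in 256, while a phrase an attacker actually generated always passes. Pair the BLOCK verdict with a REVIEW queue for the migration wording alone, since the campaign's landing pages may carry the phrase instead of the email body.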
Troy Hunt Falls Prey
Among those affected is security researcher Troy Hunt, creator of Have I Been Pwned, who reported that his Mailchimp mailing list was exported despite his changing the password immediately after realising he had been phished, indicating that the export is automated and completes within minutes of the credentials being captured.
The campaign is the latest in a series of tactics threat actors use to steal funds from unsuspecting crypto users. Other recent schemes include selling malware-infected counterfeit smartphones, blackmailing YouTubers into spreading malware, and scanning screenshots for seed phrases.
By compromising bulk email accounts rather than individual inboxes, the attackers reach every recipient on a trusted sender's list at once, so the campaign is likely to claim more victims both inside and outside crypto.