A phishing email pretending to be from Binance, offering people the chance to claim newly created TRUMP coins, has turned out to be a phishing lure.
Cofense is warning that if victims follow the email’s instructions and download what is called “Binance Desktop,” they actually install a remote access tool that gives malicious actors control of their computers within two minutes.
To make the scam more convincing, the attackers used “Binance” as the sender’s name and included a fake “risk warning” to make the email seem trustworthy. They also fashioned a fake website that closely resembles the Binance site to host the malicious download.
Although they didn’t copy Binance’s official pages exactly, they used images from Binance’s TRUMP coin and client download pages to create a realistic-looking site with installation instructions.
Instead of downloading a real Binance app, the link installs ConnectWise RAT, which connects back to the bad actor’s command center. Once installed, the malefactors quickly take control of infected devices—much faster than the average ConnectWise RAT attack.
After gaining access, they focus on stealing saved passwords from apps like Microsoft Edge, compensating for the RAT’s limited data-stealing abilities.
After Cofense Intelligence discovered this phishing campaign, it was added to PhishMe Security Awareness Training. Now, organizations using PhishMe SAT can train employees to recognize scams like this TRUMP coin attack, even if they bypass other security measures.
Fertile Ground for Social Engineering
Jason Soroko, Senior Fellow at Sectigo, says topical events serve as fertile ground for social engineering, offering attackers a ready-made script that exploits real-time urgency and widespread public attention.
“By aligning phishing messages and malicious campaigns with trending news or current events, cybercriminals enhance credibility and evoke strong emotional reactions, prompting hasty actions from potential victims.”
Control in Under Two Minutes
“This phishing campaign targeting cryptocurrency enthusiasts shows how quickly attackers can compromise systems – gaining control in under two minutes,” adds J Stephen Kowski, Field CTO at SlashNext.
“Sophisticated spoofing techniques, including legitimate-looking emails with risk warnings and convincingly crafted websites combining authentic imagery, highlight why real-time email security scanning with advanced AI detection capabilities is essential for identifying these threats before users interact with them.”
Kowski says entities should implement multi-layered protection that analyzes email content as well as linked destinations to block credential theft, while also educating users about only downloading financial applications directly from official sources.
“Protecting against these rapidly evolving phishing tactics requires solutions that can detect and block malicious URLs and attachments at the point of click, preventing the initial infection that leads to credential theft and system compromise.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.