
Coldriver using new malware to steal from western targets – Google


The Coldriver threat group is using new malware to steal documents from Western targets, according to a May 7 report from Google Threat Intelligence. The malware, called Lostkeys, marks the group’s evolution from credential phishing to more sophisticated attacks.

According to the Google report, the new malware is installed in four stages. The chain begins with a “lure website” showing a fake captcha, which places a PowerShell script on the user’s clipboard; the script then performs device evasion checks and retrieves the final payload. Only then is the malware installed.

Delivery of Lostkeys Payload. Source: Google

Lostkeys is capable of stealing files by extension and directory. It can also send system information and running processes back to Coldriver. According to Google, the attack components are delivered from the address “165.227.148 (.) 68”.

The company said it has taken steps to mitigate any damage caused by the Lostkeys malware, including adding the malicious websites to its “Safe Browsing” feature.

According to Google, Coldriver is a Russian-backed threat group that typically conducts phishing attempts against high-profile targets such as former diplomats and journalists. In January 2024, it began an attack with malware called “Spica,” which can execute arbitrary shell commands and download or upload files.


Crypto hack losses hit all-time high in 2025

Crypto hacks surged in 2025, with total losses reaching $2 billion in the first quarter alone, exceeding all the losses recorded in 2024.

According to a report by crypto cybersecurity firm Hacken, operational flaws and weak access controls remain a major weakness, even among major centralized and decentralized players. Attackers are increasingly using social engineering tactics to gain the trust of their victims.

Contributing to last quarter’s losses was the $1.5 billion hack of cryptocurrency exchange Bybit. The February attack has already been reported to have been orchestrated by the Lazarus Group.
