Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks

The Hacker News by The Hacker News
April 7, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Apr 07, 2025Ravie LakshmananCloud Security / Cryptocurrency

A malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management (CRM) tools and bulk email providers to send spam messages containing cryptocurrency seed phrases in an attempt to drain victims’ digital wallets.

“Recipients of the bulk spam are targeted with a cryptocurrency seed phrase poisoning attack,” Silent Push said in an analysis. “As part of the attack, PoisonSeed provides security seed phrases to get potential victims to copy and paste them into new cryptocurrency wallets for future compromising.”

Targets of PoisonSeed include enterprise organizations and individuals outside the cryptocurrency industry. Crypto companies like Coinbase and Ledger, and bulk email providers such as Mailchimp, SendGrid, Hubspot, Mailgun, and Zoho are among the targeted crypto companies.

Cybersecurity

The activity is assessed to be distinct from two loosely aligned threat actors Scattered Spider and CryptoChameleon, which are both part of a broader cybercrime ecosystem called The Com. Some aspects of the campaign were previously disclosed by security researcher Troy Hunt and Bleeping Computer last month.

The attacks involve the threat actors setting up lookalike phishing pages for prominent CRM and bulk email companies, aiming to trick high-value targets into providing their credentials. Once the credentials are obtained, the adversaries proceed to create an API key to ensure persistence even if the stolen password is reset by its owner.

In the next phase, the operators export mailing lists likely using an automated tool and send spam from those compromised accounts. The post-CRM-compromise supply chain spam messages inform users that they need to set up a new Coinbase Wallet using the seed phrase embedded in the email.

The end goal of the attacks is to use the same recovery phrase to hijack the accounts and transfer funds from those wallets. The links to Scattered Spider and CryptoChameleon stem from the use of a domain (“mailchimp-sso[.]com”) that has been previously identified as used by the former, as well as CryptoChameleon’s historical targeting of Coinbase and Ledger.

That said, the phishing kit used by PoisonSeed does not share any similarity with those used by the other two threat clusters, raising the possibility that it’s either a brand new phishing kit from CryptoChameleon or it’s a different threat actor that just happens to use similar tradecraft.

Cybersecurity

The development comes as a Russian-speaking threat actor has been observed using phishing pages hosted on Cloudflare Pages.Dev and Workers.Dev to deliver malware that can remotely control infected Windows hosts. A previous iteration of the campaign was found to have also distributed the StealC information stealer.

“This recent campaign leverages Cloudflare-branded phishing pages themed around DMCA (Digital Millennium Copyright Act) takedown notices served across multiple domains,” Hunt.io said.

“The lure abuses the ms-search protocol to download a malicious LNK file disguised as a PDF via a double extension. Once executed, the malware checks in with an attacker-operated Telegram bot-sending the victim’s IP address-before transitioning to Pyramid C2 to control the infected host.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Účasť DB HiTek na PCIM 2025, posilnenie pôsobnosti na európskom trhu

Účasť DB HiTek na PCIM 2025, posilnenie pôsobnosti na európskom trhu

Recommended.

Kansas City Fed’s Schmid shows hesitation about widely expected September rate cut

Kansas City Fed’s Schmid shows hesitation about widely expected September rate cut

August 21, 2025
TELUS completes redemption of 3.75% Notes, Series CV due March 10, 2026

TELUS completes redemption of 3.75% Notes, Series CV due March 10, 2026

January 17, 2026

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio