Trump Cryptocurrency Delivers ConnectWise RAT

March 11, 2025, 6:53 p.m.

Description

An email campaign impersonating Binance is offering fake TRUMP coins to lure victims into downloading a malicious 'Binance Desktop' application, which actually installs ConnectWise RAT. The attackers have created a convincing web page mimicking Binance's interface to host the malware download. Once infected, threat actors quickly establish remote control of the victim's computer, targeting saved passwords in applications like Microsoft Edge. The campaign employs sophisticated social engineering tactics, including sender name spoofing and risk warnings, to appear legitimate. Threat actors are actively monitoring infections and can connect to compromised systems within minutes of installation.

External References

https://securityboulevard.com/2025/03/trump-cryptocurrency-delivers-connectwise-rat/
https://otx.alienvault.com/pulse/67d0743fa696bc6ef3985a7d
Tags
phishing
social engineering
remote access trojan
2025-03-11
cryptocurrency scam
password theft
binance impersonation
connectwise rat

Date

  • Created: March 11, 2025, 5:34 p.m.
  • Published: March 11, 2025, 5:34 p.m.
  • Modified: March 11, 2025, 6:53 p.m.

Indicators

  • shopifycourses.store
Download all indicators here!

Attack Patterns

  • ConnectWise RAT