Kaspersky has detected an online fraud campaign aimed at stealing cryptocurrency and sensitive information by exploiting popular topics such as web3, crypto, AI, online gaming, and beyond. Targeting individuals worldwide, the campaign is believed to be orchestrated by Russian-speaking cybercriminals and spreads info-stealing and clipper malware. Kaspersky’s Global Emergency Response Team (GERT) has uncovered a fraud campaign targeting Windows and macOS users, aiming to steal cryptocurrency and personal data. The attackers lure victims through phishing websites mimicking legitimate services, such as crypto platforms, online games, and AI translators. These sites trick users into giving up sensitive information like crypto-wallet keys or downloading malware, allowing the attackers to drain funds or steal credentials. The campaign, dubbed “Tusk” by Kaspersky, links to Russian-speaking threat actors due to code containing the word “Mammoth” (rus. “Мамонт”), slang for “victim.” Info-stealers like Danabot and Stealc, as well as clipboard-monitoring clippers, are being spread to harvest sensitive data, particularly targeting crypto-wallet addresses.
