The malware activated automatically upon installation, targeting both Windows and macOS operating systems. A deceptive graphical user interface (GUI) was used to distract victims while malicious activities occurred in the background.
Specifically, the payloads are downloaded from a fake website that advertises a cryptocurrency trading bot service; the site is in fact an attempt to give the domain a veneer of legitimacy.
This approach not only helps the threat actor evade detection, but also allows them to expand the malware's capabilities at will by modifying the payloads hosted on the website.
The CryptoAITools malware conducts extensive data theft, harvesting sensitive data from victims' systems while a fake installation GUI misleads them.