PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
Briefly

The PoisonSeed campaign uses compromised credentials for CRM tools and bulk email providers to send spam containing cryptocurrency seed phrases. The aim is to convince recipients to set up new wallets from a seed phrase the attacker already knows, giving the attacker access to any funds deposited there. Targets range from enterprises to individuals, with notable victims including major crypto firms and email providers. The campaign relies on phishing pages that mimic legitimate services to harvest credentials, which the attackers then use to establish persistent access that survives a password reset. The ultimate goal is to hijack victims' accounts and drain their funds using the recovery phrases supplied in the spam.
Recipients of the bulk spam are targeted with a cryptocurrency seed phrase poisoning attack: the messages supply attacker-known seed phrases in the hope that victims will create new wallets from them, which leaves those wallets under the attacker's control.
The attackers set up lookalike phishing pages for CRM and bulk email companies to trick high-value targets into entering their credentials.
Once credentials are obtained, the adversaries create an API key in the compromised account to maintain persistence, so their access survives even if the stolen password is reset.
The end goal of the attacks is to hijack accounts and transfer funds using the same recovery phrase embedded in the spam messages.
Read at The Hacker News