A sophisticated email phishing campaign targets cryptocurrency enthusiasts by masquerading as an official Binance communication, luring victims with the promise of free Trump coins. However, instead of accessing these digital assets, victims unwittingly install a remote access trojan (RAT) known as ConnectWise, enabling cybercriminals to seize control of their devices in under two minutes.
According to researchers, phishing emails are crafted to closely resemble official Binance correspondence using ‘Binance’ as the sender’s name and incorporating elements that instil a false sense of legitimacy. Notably, the emails include a ‘risk warning,’ a common feature in genuine Binance communications, which increases the likelihood of users trusting the message.

Upon clicking the provided link, victims are redirected to a website mimicking Binance’s interface. The fraudulent website does not directly replicate Binance’s Trump coin page or client download section but blends images from both to create a deceptive interface.
Below the primary content, additional installation steps are included, further reinforcing the illusion of legitimacy.
Victims who attempt to download the purported Binance desktop client receive an installer for ConnectWise RAT. Once executed, the malware establishes a connection to a command-and-control (C2) server that the attackers actively monitor.

Unlike typical ConnectWise RAT infections, where attackers may delay engagement with compromised machines, the perpetrators behind this campaign act swiftly, gaining remote access to victims' systems in less than two minutes.
After gaining access, the attackers primarily focus on extracting stored credentials from web browsers like Microsoft Edge. ConnectWise RAT, while not traditionally an information-stealing tool, enables cybercriminals to obtain saved passwords and other sensitive data, effectively bypassing the RAT’s usual limitations.
Researchers advise users to exercise extreme caution when receiving emails purportedly from cryptocurrency exchanges. Key protective measures include verifying sender details, examining URLs before clicking, using multi-factor authentication (MFA), and keeping security software up to date.
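The two lures described above, a display name reading 'Binance' on a message that does not originate from the exchange's domain and a download link on a look-alike site, are exactly what the "verify sender details, examine URLs" advice is asking readers to check. The script below is an added example written for this page, not code from the researchers or from any vendor: it parses a raw email, compares the brand in the display name against the actual sender domain, compares Reply-To with From, and lists every link whose host is not the legitimate domain. The legitimate domain (`binance.com`), the brand keyword list, and both sample messages (hosts under `.example`) are assumptions constructed for the demonstration.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption for this example: the domain the spoofed display name is impersonating.
LEGIT_DOMAIN = "binance.com"
# Brand words that should only ever appear in a display name sent from LEGIT_DOMAIN.
BRAND_WORDS = ("binance",)

URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.IGNORECASE)


def domain_of(addr: str) -> str:
    """Return the lowercased domain part of an address header value ('' if none)."""
    _, address = parseaddr(str(addr))
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def is_legit_host(host: str) -> bool:
    """True only for LEGIT_DOMAIN itself or one of its subdomains (not look-alikes)."""
    host = host.lower().rstrip(".")
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)


def check_message(raw: str) -> dict:
    """Flag brand spoofing in the From header and links pointing off the legit domain."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_header = str(msg.get("From", ""))
    display_name, _ = parseaddr(from_header)
    from_domain = domain_of(from_header)
    findings = []

    # Sender check: brand in display name but mail not from the brand's domain.
    if any(w in display_name.lower() for w in BRAND_WORDS) and not is_legit_host(from_domain):
        findings.append(f"display name '{display_name}' but sender domain '{from_domain}'")

    # Reply-To pointing somewhere other than the sender is a common lure trait.
    reply_domain = domain_of(str(msg.get("Reply-To", "")))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain '{reply_domain}' differs from From domain")

    # URL check: any link whose host is not the legitimate domain is reported;
    # hosts that also contain the brand word are tagged as look-alikes.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    suspicious_links = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if not is_legit_host(host):
            suspicious_links.append(url)
            tag = "look-alike host" if any(w in host for w in BRAND_WORDS) else "off-domain link"
            findings.append(f"{tag}: {url}")

    return {
        "from_domain": from_domain,
        "suspicious_links": suspicious_links,
        "findings": findings,
        "suspicious": bool(findings),
    }


# Constructed sample mirroring the lure pattern in the article (not a real message).
PHISHING_SAMPLE = """\
From: Binance <noreply@binance-rewards.example>
Reply-To: support@binance-rewards.example
Subject: Claim your free TRUMP coins
Content-Type: text/plain

Risk warning: digital asset prices can be volatile.
Install the desktop client to claim: https://binance-client.example/download
"""

# Constructed benign sample: brand name in display name, mail and link on the real domain.
LEGIT_SAMPLE = """\
From: Binance <no-reply@binance.com>
Subject: Your monthly statement
Content-Type: text/plain

Your statement is available at https://www.binance.com/en/statements
"""

if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("legit", LEGIT_SAMPLE)):
        result = check_message(sample)
        print(label, "suspicious" if result["suspicious"] else "clean")
        for finding in result["findings"]:
            print("  -", finding)
```

The From header is trivially forgeable, so in a mail gateway this check belongs beside the Return-Path, SPF and DKIM verdicts rather than in place of them; its value here is catching the specific mismatch the campaign relies on, a trusted brand name in the display name with a sender and links that live elsewhere.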