
Warning: Malware campaign spreads fake wallet mnemonic words through blacklisted email lists

2025-04-07 13:49

According to Decrypt, cybersecurity experts have recently discovered a dual malware attack targeting users both inside and outside the cryptocurrency industry. In its latest report, the cyber intelligence company Silent Push describes a malicious campaign called PoisonSeed, which begins by forging the login pages of bulk email service providers such as Mailchimp and SendGrid to steal user credentials.

The attacker sends fake emails claiming that the user's account has been restricted, luring them to log in to the look-alike website. Once the credentials are entered, the attacker quickly and automatically exports the email subscription list. The attacker then uses the stolen subscription list to impersonate Coinbase and send phishing emails to the victim's contacts, claiming that the exchange is "transitioning to a self managed wallet" and attaching 12 mnemonic words to lure users into importing the wallet, which in fact lets the hackers control the assets.

Microsoft Regional Director Troy Hunt fell for the attack while jet-lagged. Although he promptly changed his password, the subscription lists of 56,000 users had already been stolen. Hunt later stated, "This phishing email was cleverly designed to create a sense of urgency by exploiting the fear of not being able to send press releases, without exaggerating the threat and making it difficult to prevent."

Although PoisonSeed uses domains similar to those of Scattered Spider and CryptoChameleon, organizations that previously targeted Coinbase and Ledger users, Silent Push believes that independent attackers are behind it.
