PoisonSeed campaign hacks business CRM and email accounts to send spam.

Cybercriminals are now targeting business Customer Relationship Management (CRM) accounts to obtain mailing lists for their malicious activities. This campaign, known as PoisonSeed, has a sinister objective: to induce recipients to set up cryptocurrency wallets from attacker-supplied seed phrases, so that the attackers control the wallets from the outset and can steal any funds deposited into them.

Silent Push, a cybersecurity research firm, uncovered the PoisonSeed campaign, which involves hackers setting up spoofed landing pages of well-known companies like Coinbase, Ledger, Mailchimp, SendGrid, and Hubspot. By harvesting login credentials from these spoofed pages, cybercriminals gain access to mailing lists that they can exploit for their criminal activities.

The modus operandi of the hackers involves sending out emails impersonating these reputable companies, urging users to set up a new Coinbase Wallet using a seed phrase embedded in the email. A seed phrase, typically a series of 12 to 24 words, serves as the master key granting full control of the cryptocurrency stored in the wallet. Because the attackers already know the seed phrase they supplied, any funds a victim moves into such a wallet can be transferred straight to the attackers' own accounts, resulting in permanent financial losses for the victims.

Silent Push described this malicious tactic as a “cryptocurrency seed phrase poisoning attack,” designed to deceive recipients into copying and pasting security seed phrases into compromised wallets, enabling the cybercriminals to siphon off their funds. The ultimate goal of the PoisonSeed campaign is to exploit the decentralized and permissionless nature of cryptocurrency transactions, making it challenging for victims to recover their stolen funds once they have been transferred to the hackers’ wallets.
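A mail-filtering heuristic for the lure described above, added here as an example and not part of Silent Push's report or tooling: it flags messages whose display name claims one of the impersonated brands while the sending domain is not that brand's, and whose body contains a run of exactly 12 or 24 seed-shaped words (BIP39 English words are 3 to 8 lowercase letters). The brand-to-domain map and the sample messages are constructed assumptions for this example.

```python
import re
from email.utils import parseaddr
from typing import Optional

# Brands named in the article mapped to legitimate sending domains.
# The domain lists are an assumption of this example, not from the article.
BRAND_DOMAINS = {
    "coinbase": {"coinbase.com"},
    "ledger": {"ledger.com"},
    "mailchimp": {"mailchimp.com"},
    "sendgrid": {"sendgrid.com", "sendgrid.net"},
    "hubspot": {"hubspot.com"},
}

# BIP39 English words are 3 to 8 lowercase letters; phrases are 12 or 24 words.
SEED_WORD = re.compile(r"^[a-z]{3,8}$")
SEED_LENGTHS = {12, 24}


def find_seed_phrase_runs(body: str) -> list[str]:
    """Return runs of exactly 12 or 24 consecutive seed-shaped words.

    Capitalised words, digits and trailing punctuation end a run, which keeps
    ordinary prose from matching.
    """
    runs, current = [], []
    for token in body.split() + [""]:  # empty sentinel flushes the final run
        if SEED_WORD.match(token):
            current.append(token)
            continue
        if len(current) in SEED_LENGTHS:
            runs.append(" ".join(current))
        current = []
    return runs


def impersonated_brand(from_header: str) -> Optional[str]:
    """Brand named in the display name whose domains do not include the sender's."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower()
    for brand, domains in BRAND_DOMAINS.items():
        legit = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in name.lower() and not legit:
            return brand
    return None


def assess(from_header: str, body: str) -> dict:
    """Combine both signals: brand impersonation plus an embedded seed-shaped phrase."""
    brand = impersonated_brand(from_header)
    runs = find_seed_phrase_runs(body)
    return {"impersonated_brand": brand, "seed_runs": runs,
            "poisonseed_like": brand is not None and bool(runs)}


# Constructed sample messages; the 12-word list is a placeholder, not a real seed.
PHISH_FROM = "Coinbase Support <alerts@coinbase-wallet-update.example>"
PHISH_BODY = ("Your account requires migration. Set up a new Coinbase Wallet using this recovery phrase:\n"
              "apple banana cherry desk eagle forest garden honey island jungle kitten lemon\n"
              "Complete within 24 hours.")
LEGIT_FROM = "Coinbase <no-reply@coinbase.com>"
LEGIT_BODY = "You signed in from a new device. If this was not you, change your password."
```

Running `assess(PHISH_FROM, PHISH_BODY)` flags the lure while `assess(LEGIT_FROM, LEGIT_BODY)` does not; a real deployment would add a full BIP39 wordlist check to cut false positives.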

The researchers identified two threat groups, Scattered Spider and CryptoChameleon, as the likely perpetrators behind the PoisonSeed campaign. These groups are believed to operate within a larger cybercrime ecosystem known as The Com.

Given the increasing sophistication of cyber threats targeting cryptocurrency users, individuals and businesses alike must exercise extreme caution when dealing with emails or messages urging them to set up new wallets or disclose sensitive information. It is essential to stay vigilant, verify the authenticity of all communications, and never share seed phrases or login credentials with unknown or unverified sources.

In the realm of cryptocurrency transactions, where security and privacy are paramount, safeguarding your assets against malicious actors should be a top priority. By staying informed about the latest cybersecurity threats and implementing robust protective measures, you can minimize the risk of falling victim to such malicious campaigns and ensure the safety of your digital assets.