A new scam is sweeping across social media, targeting individuals invested in cryptocurrency. Instead of simple phishing emails, these criminals are now building entire fake companies, complete with professional-looking websites, social media profiles, and even official-sounding project documents. They often claim to be cutting-edge firms in exciting fields like Artificial Intelligence (AI), gaming, or Web3 (the next generation of the internet).
These scammers go to great lengths to appear legitimate. They create profiles on platforms like X (formerly Twitter), sometimes even using compromised accounts that have a “verified” badge, which adds a false sense of trust. They also host their fake whitepapers and project roadmaps on well-known, trusted sites like Notion, Medium, and GitHub. This makes it incredibly difficult for an average user to tell the difference between a real startup and a cleverly designed trap.
The Trap: From Chat to Malicious Download
The scam typically begins with an unexpected message. A “fake employee” from one of these make-believe companies reaches out to potential victims on social media platforms like X, Telegram, or Discord. The offer sounds appealing: test their new software, and in return, receive a payment in cryptocurrency.
Once a victim expresses interest, they are directed to a fake company website. This site looks professional and encourages them to download what appears to be a legitimate application. However, what they actually download is malicious software. For Windows users, it might be an “Electron application,” a common way to build desktop apps. For macOS users, it could be a “.DMG” file. Both contain dangerous programs, often the “Atomic Stealer,” designed to secretly steal information.
“Centre for Police Technology” Launched as Common Platform for Police, OEMs, and Vendors to Drive Smart Policing
What the Scammers Steal and How They Do It
Once the malicious software is installed, it immediately goes to work. The malware first “profiles” the victim’s computer, gathering details about the system. On Windows computers, it often downloads and runs another hidden program, an “information stealer.” These programs sometimes even use stolen “code signing certificates,” which are digital stamps that make software appear trustworthy, further deceiving security systems.
For MacOS users, the Atomic Stealer is particularly dangerous. It is designed to swipe a wide range of sensitive data, including:
- Browser data: Your saved passwords, browsing history, and autofill information.
- Crypto wallets: The digital containers where your cryptocurrencies are stored.
- Cookies: Small files websites use to remember you, which can be used to hijack your online accounts.
- Documents: Important files stored on your computer.
The malware also works to “establish persistence,” meaning it tries to stay hidden on your computer and keep running even after you restart it.
Staying Safe: Recognizing the Red Flags
To protect your digital assets, it’s crucial to be aware of the warning signs. Some of the fake companies identified in these scams include:
- Pollens AI
- Buzzu
- Cloudsign
- Swox
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
Here are key tips to stay safe:
- Be Skeptical of Unsolicited Offers: If someone you don’t know offers you free crypto or a chance to “test software” for payment, be extremely cautious.
- Verify Company Legitimacy: Don’t just trust a company’s social media presence. Look for independent reviews, official news, and check if they have a long, verifiable history.
- Inspect Download Sources: Only download software from official, well-established app stores or directly from a company’s verified main website, not from links sent in messages.
- Use Security Software: Keep your antivirus and anti-malware software updated, and consider using a reputable crypto wallet with strong security features.
- Educate Yourself: Stay informed about the latest scams and cybersecurity threats.
