Malware Campaign Spreads Fake Wallet Seed Phrases Through Hacked Mailing Lists

Summary

A sophisticated malware campaign named PoisonSeed targets users of bulk email providers such as Mailchimp and SendGrid. The campaign begins with phishing messages that trick victims into entering their login details on a convincing fake website. Once an account is compromised, its mailing lists are quickly downloaded. Subscribers on those lists then receive emails impersonating the crypto exchange Coinbase, falsely claiming a transition to self-custodial wallets and supplying a 12-word seed phrase; if a recipient imports that phrase into a wallet, the attackers, who already hold it, can drain any funds sent to the wallet. Microsoft regional director Troy Hunt received this phishing attempt himself and noted its effective social engineering, which created urgency without raising excessive alarm. Silent Push distinguishes PoisonSeed from the threat actors Scattered Spider and CryptoChameleon, despite similarities in phishing domains and targets. The incident highlights the need for vigilance against social engineering scams among content creators, whose accounts and audiences are the initial target, as well as among consumers.