Hackers disguise Trojans as torrent distributions

A separate scheme is used against companies. They are sent letters allegedly containing copyright claims. The archive for such letters contains the Efimer Trojan, which is activated immediately after launch. As specified by Kaspersky Lab, the malware is capable of penetrating the system, analyzing text files and highlighting combinations similar to crypto wallet seed phrases. After that, the virus intercepts cryptocurrency transactions and replaces the details for transfers to addresses controlled by the attackers.

According to experts, cases of infection have been recorded in various countries, including Russia, India, Spain, Italy, and Germany. The number of affected users continues to increase, which indicates that the attack is scaling up.

Experts note that such attacks are increasingly targeting the crypto industry. Earlier, Kaspersky Lab specialists reported on another malicious program, SparkKitty. This software is designed for iOS and Android devices and is aimed at stealing cryptocurrency from users in China and Southeast Asia.

Thus, hackers are expanding their arsenal of methods, combining social engineering with the substitution of familiar download and communication tools. Users are strongly advised to be careful when downloading files from unverified sources and carefully check the addresses to which cryptocurrency transfers are made.

With the growing interest in digital assets, the likelihood of attacks using seed phrases and wallet substitution remains high. Experts believe that this vector will become one of the key areas of activity for cybercriminals in the coming years.

Ensuring security in the cryptocurrency sphere requires not only technical solutions, but also the attentiveness of the users themselves. Any downloaded file, incoming letter or unexpected request can become the beginning of an attack, the consequences of which will lead to a complete loss of funds.