PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks

Summary: A malicious campaign named PoisonSeed is exploiting compromised credentials from CRM tools and bulk email providers to send spam messages containing cryptocurrency seed phrases, ultimately aiming to drain victims’ digital wallets. The attack involves phishing tactics aimed at high-value targets, including both individuals and enterprises linked to the cryptocurrency sector. This campaign is assessed to be distinct from similar threats, featuring new phishing techniques and leveraging lookalike domains.

Affected: Crypto companies (e.g., Coinbase, Ledger) and bulk email providers (e.g., Mailchimp, SendGrid, Hubspot, Mailgun, Zoho)

Key points:

  • PoisonSeed uses compromised CRM and bulk email accounts to distribute spam containing fake seed phrases.
  • The attack targets both individuals and enterprise organizations within and outside the cryptocurrency sector.
  • Phishing tactics involve creating lookalike domains to steal user credentials, with API keys then created to maintain continued access.
  • A separate Russian-speaking threat actor is also employing phishing pages to deliver malware disguised as legitimate documents.

Source: https://thehackernews.com/2025/04/poisonseed-exploits-crm-accounts-to.html
