Cryptocurrency Users Targeted by Fake AI, Gaming & Web3 Firms

Cybercriminals are using fake identities and websites to trick people in the cryptocurrency community into downloading harmful software. Disguising themselves as legitimate AI, gaming, and Web3 companies, these attackers have created an elaborate scam that targets both Windows and macOS users. Their goal is to steal valuable data and drain digital wallets.

The operation begins with the creation of convincing fake companies, complete with detailed websites, social media profiles, and project documentation. These false fronts often appear professional, featuring whitepapers, roadmaps, and blog posts that make the companies seem trustworthy. To make the scam even more believable, the attackers sometimes hijack real social media accounts belonging to legitimate tech companies or their employees.

Victims are typically approached through platforms like Telegram and Discord, where the attackers pose as representatives of these fake companies. They might promote a supposed new product, investment opportunity, or partnership, and persuade the victim to download software. That software, however, is actually malware—often a type known as a “stealer”—designed to harvest sensitive information, including login credentials, crypto wallet keys, and other personal data.

This campaign is not entirely new. Earlier versions used fake video conferencing tools to spread the same kind of malware. Over time, the tactics have evolved. Now, instead of only impersonating video conferencing tools, the attackers have expanded their lures to include AI services, social media platforms, and gaming startups. Each fake project is supported by realistic branding and detailed promotional materials, all carefully crafted to lure in victims.

The malware used in these attacks is especially dangerous because it runs on both Windows and macOS. Once installed, it silently collects data and sends it back to the attackers, allowing them to gain access to cryptocurrency accounts and other sensitive services. Because the scam is so well-disguised, many users may not even realize they’ve been compromised until it’s too late.

To protect against these kinds of threats, it’s important to be cautious with unsolicited messages—especially those offering new tech tools or investment opportunities. Verifying the legitimacy of a company through multiple trusted channels and avoiding downloads from unknown sources can help reduce the risk. Keeping security software up to date and practicing good digital hygiene are also essential steps in avoiding these increasingly sophisticated attacks.