Individuals looking to purchase President Donald Trump's cryptocurrency on Binance have been targeted by a new attack campaign that spoofs the world's leading cryptocurrency platform. The campaign spreads a trojanized version of the ConnectWise remote access tool aimed at data exfiltration, according to The Record, a news site managed by Recorded Future.
The attacks began with phishing emails purporting to be from Binance that included a download link for TRUMP coins. Clicking the link led to the installation of ConnectWise RAT, a report from Cofense showed.
ConnectWise RAT enabled threat actors to not only remotely take over targeted devices, but also exfiltrate saved credentials, said Cofense researchers. Such findings come amid the increased exploitation of ConnectWise in various cyberattack campaigns.
"Part of the reason it has likely become so popular recently is that it has a lot of features and is free to use and easy to set up," said Max Gannon, intelligence manager at Cofense. "Moreover, because it is technically legitimate there are a large number of files that it uses which cannot simply be blocked because they are also used by legitimate installations of ConnectWise RAT."