特朗普总统的加密货币实现吸引渴望骗子用户的威胁行为者

1月下旬，他发布了自己的模因硬币，最近为美国的美国建立了战略性的数字资产储备

President Trump's economic and trade maneuvers, which has included on-again off-again tariffs, has helped send the price of Bitcoin tumbling.

特朗普总统的经济和贸易演习包括不断融合的关税，已帮助将比特币的价格转向。

His efforts also has attracted the attention threat groups eager to make money by scamming people and using Trump's coin as the lure. That includes an email campaign in which bad actors spoof the Binance crypto exchange market to deliver a remote access trojan (RAT) and steal information from infected computers.

他的努力还吸引了渴望通过骗人并以特朗普的硬币为诱惑来赚钱的注意力威胁团体。其中包括一个电子邮件活动，不好的演员欺骗Binance Crypto Exchange市场，以提供远程访问Trojan（Rat）并从受感染的计算机中窃取信息。

Installing the RAT

安装老鼠

In the scam, the unknown bad actor creates emails made to look like they're coming from Binance and offering victims the chance to acquired Trump's coin. The message in the email says the targets can earn TRUMP coins by taking such steps as installing Binance software like its desktop tool, depositing coins in a Binance account, and make trades on the exchange.

在骗局中，未知的坏演员会创建电子邮件，使他们看起来像是来自binance，并为受害者提供了获得特朗普硬币的机会。电子邮件中的消息说，目标可以通过采取诸如桌面工具（将硬币存入二钱帐户中的硬币）等步骤来赚取特朗普硬币，并在交易所进行交易。

"If victims follow the instructions and download 'Binance Desktop' in order to get TRUMP coins they instead install ConnectWise RAT," Cofense threat researcher Max Gannon wrote in a report. "The threat actors behind this campaign are eagerly monitoring infections and can connect to infected computers in less than 2 minutes."

研究人员马克斯·甘农（Max Gannon）在一份报告中写道：“如果受害者按照说明并下载'Binance Desktop'，以获取特朗普硬币，而是安装ConnectWise Rat。” “这项运动背后的威胁参与者正在急切地监测感染，并且可以在不到2分钟的时间内连接到感染计算机。”

High-Profile Events Attract Cybercriminals

备受瞩目的事件吸引网络犯罪分子

It's not surprising that the president's crypto efforts have caught the eyes of cybercriminals, said Jason Soroko, senior fellow at cybersecurity firm Sectigo.

网络安全公司Sectigo高级研究员Jason Soroko说，总统的加密货币努力吸引了网络犯罪分子的目光并不奇怪。

"Topical events serve as fertile ground for social engineering, offering attackers a ready-made script that exploits real-time urgency and widespread public attention," Soroko said. "By aligning phishing messages and malicious campaigns with trending news or current events, cybercriminals enhance credibility and evoke strong emotional reactions, prompting hasty actions from potential victims."

索罗科说：“主题事件是社会工程学的肥沃基础，为攻击者提供了一个现成的剧本，可以利用实时的紧迫性并广泛关注公众的关注。” “通过将网络钓鱼信息和恶意运动与热门新闻或时事保持一致，网络犯罪分子提高了信誉并引起了强烈的情感反应，从而促使潜在受害者的仓促行动。”

Binance Impersonation

Binance模仿

In this case, the bad actors made a significant effort to impersonate Binance, Gannon wrote. That included using "Binance" as the email sender's name and including a risk warning in the email to engender more trust in its validity.

甘农写道，在这种情况下，坏演员付出了巨大的努力。其中包括使用“ binance”作为电子邮件发送者的姓名，并在电子邮件中包含风险警告，以使其有效性更多。

"The threat actors also took great pains to make the website hosting the ConnectWise RAT download appear legitimate," he wrote. "Although they did not directly copy the Binance TRUMP coin page or the Binance client download page, the threat actors combined images from both into a convincing page which included further install steps."

他写道：“威胁参与者还竭尽全力使托管连接鼠下载的网站显得合理。” “尽管他们没有直接复制Binance Trump Coin页面或Binance Client下载页面，但威胁参与者将图像从两者结合到一个令人信服的页面中，其中包括进一步安装步骤。”

The download link for the Binance desktop client instead downloads an installer for the ConnectWise RAT, which connects to a command-and-control server that the threat actor actively monitors, which is unusual given that with most ConnectWise RAT installations, the hacker waits a while before deciding whether to interact with the infected system.

Binance Desktop客户端的下载链接下载了连接鼠的安装程序，该链接连接到命令和控制服务器，威胁行为者会主动监视该命令和控制服务器，这是不寻常的，鉴于大多数ConnectWise Rats Installations，Hacker等待一段时间，然后才能决定是否与感染系统进行交互。

Once connected, the bad actor looks for saved passwords for such applications as Microsoft Edge, which Gannon wrote makes up for "ConnectWise RAT's relative lack of information theft capabilities."

连接后，不良演员为Microsoft Edge等应用程序寻找保存的密码，Gannon写了这项应用程序，以弥补“ ConnectWise Rat的相对缺乏信息盗窃能力”。

A Cautionary Tale

一个警示性的故事

The scam is a warning about how quickly a threat actor can compromise systems, said Stephen Kowski, field CTO for SlashNext Email Secuty+.

Slashnext电子邮件secuty+的现场CTO Stephen Kowski说，该骗局是关于威胁行为者能够妥协系统损害系统的速度的警告。

"The sophisticated spoofing techniques, including legitimate-looking emails with risk warnings and convincingly crafted websites combining authentic imagery, highlight why real-time email security scanning with advanced AI detection capabilities is essential for identifying these threats before users interact with them," Kowski said.

“复杂的欺骗技术，包括带有风险警告的合法电子邮件和令人信服的网站结合真实图像的网站，突出了为什么为什么实时电子邮件安全扫描与高级AI检测功能对于在用户与他们互动之前识别这些威胁至关重要，” Kowski说。”

Organizations can protect themselves against such scams by using multi-layered protection that analyzes email content and linked destinations to block credential theft attempts, he added. They also should educate users about the dangers of downloading financial applications from unofficial sources.

他补充说，组织可以通过使用多层保护来保护自己免受此类骗局的影响，从而分析电子邮件内容和链接的目的地以阻止凭据盗窃尝试。他们还应该教育用户从非正式来源下载财务应用程序的危险。

"Protecting against these rapidly evolving phishing tactics requires solutions that can detect and block malicious URLs and attachments at the point of click, preventing the initial infection that leads to credential theft and system compromise," Kowski said.

Kowski说：“防止这些快速发展的网络钓鱼策略需要解决方案，这些解决方案可以在点击点检测和阻止恶意URL和附件，从而阻止了导致凭证盗窃和系统妥协的初始感染。”