New Malware Campaign Targets Crypto Users Through Fake Tech Startups
Scammers are using fake AI and Web3 startups to spread malware and steal crypto, warns Darktrace. Users are urged to stay alert in 2025’s digital gold rush.

Quick Take
Summary is AI generated, newsroom reviewed.
A new wave of crypto scams is using fake AI, gaming, and Web3 startups to spread malware.
Victims are lured through social media and asked to test apps in exchange for crypto.
Malware like Atomic Stealer and SparkKitty targets wallet credentials and browser data.
Cybersecurity firm Darktrace warns of rising sophistication in scam tactics and fake branding.
In a world where AI and Web3 are the next big thing, scammers are using that hype to launch one of the most elaborate crypto malware campaigns we’ve seen to date. According to Crypto News, cybercriminals are creating fake startups, complete with professional websites, fake teams, and flashy branding, to trick users into downloading malware designed to steal their crypto.
The Trap: Trusting What Looks Legit
We’re used to being cautious of sketchy links or emails. But what happens when a scam looks exactly like a promising new AI or gaming startup?
That’s the playbook scammers are now using. According to cybersecurity firm Darktrace, attackers are building fake companies that mimic real Web3 or AI projects. These setups often include convincing websites, GitHub pages, whitepapers, and even fake LinkedIn and Notion profiles for nonexistent employees.
Some of these fake companies even have verified X accounts, complete with fake product updates and press releases, making it almost impossible to see through the scam.
The Hook: “Test Our App, Get Free Crypto”
Once the fake company looks believable, the next step is direct outreach. Victims are contacted through platforms like Telegram, X, or Discord. Scammers, posing as employees, offer free crypto in exchange for testing a new game, wallet, or AI software.
Victims are then given registration codes and links to download apps that are actually filled with malware. These apps are designed to steal crypto wallet credentials, personal data, and browser information quietly, without triggering suspicion.
The Malware: Realst, Atomic Stealer, and SparkKitty
Darktrace’s investigation reveals that the malware, which targets both Windows and macOS users, belongs to known malware families like Realst and Atomic Stealer. On Windows, fake Electron apps perform silent downloads of malicious code. On macOS, attackers disguise malware in DMG files that install data stealers like Atomic, capable of grabbing sensitive browser and wallet information.
Some malware, like the newly identified SparkKitty, has even made its way into trusted platforms like Google Play and the App Store. Disguised as TikTok mods or crypto-related apps, SparkKitty scans user photo galleries for images of seed phrases, a terrifyingly simple yet effective tactic.
Not Just a Scam — A Global Cyber Campaign
What makes this threat even more alarming is the level of detail behind these fake companies. Darktrace reports that scammers have gone so far as to create fake online stores, fabricated investment partnerships, and even manipulated conference attendance images.
The tactics bear a striking resemblance to the infamous “CrazyEvil” malware group, previously exposed by Recorded Future. While it’s unclear if CrazyEvil is directly responsible for the current wave, the sophistication and approach strongly align.
Crypto Crime in 2025: A Growing Storm
With phishing attempts rising over 80% year-over-year and mobile Trojan attacks nearly quadrupling, crypto users are being targeted more than ever. Meanwhile, traditional banking malware is on the decline, proving that scammers are following the money.
As we move further into 2025, the message is clear: if it looks too good to be true, think twice. The crypto space is full of opportunity, but that also makes it the perfect hunting ground for the next generation of cybercrime.
