Binance is being spoofed in an email campaign that uses ‘up to 2000’ free TRUMP Coins as a lure leading to the installation of the ConnectWise RAT, and remote takeover of the victim’s computer, according to a Flash Alert issued by Cofense Intelligence.
Targets are sent an email purporting to be from Binance and incorporating an accurate Binance logo. The email offers free Trump Coins on completion of a series of ‘special trading tasks’. The mail also includes a series of warnings designed to increase the readers’ trust in the content: an offer to help prevent phishing, a warning on the volatility of cryptocurrencies, and an appeal to ‘trade with caution’.
Targets are urged to download the tasks – which on its own could earn 500 TRUMP Coins. Clicking the download button takes the target to a fake, but realistically crafted, Binance page. Here, visitors are urged to download what pretends to be a Binance Windows client – but what is really ConnectWise supplied from the attackers’ C2 server. Once ConnectWise is installed, the target becomes a victim, and control of the victim’s computer can be achieved in minutes.
Visible URLs in this process are designed to suggest Binance:
binance-web3 [. ]com [.] ru/downIoad [.] htm
binance-web3 [.] com [.] ru/BinanceSetup [.] exe
Binance-web3 is relatively reassuring, although the ‘.com’ could arouse suspicion in the US Binance operates a separate domain (binance.us) that allows it to conform with required US regulations. And the ‘.ru’ element could cause immediate concern in many European and NATO countries.
Components of the campaign
Trump Coins. TRUMP Coins are classified as meme coins within the cryptocurrency market. They have no intrinsic utility but rely on the popularity of the namesake. They were launched by Donald Trump on January 17, 2025, and are hosted on the Solana blockchain.
Meme coins are especially volatile. According to crypto.com, the value peaked at $75.26 shortly after trading began but quickly settled around $27. According to Kraken, the current value (March 10, 2025) is $10.99. Although decreasing, meme coins such as these will continue to have buyers so long as the meme subject has supporters – and the current phishing campaign offering up to 2000 TRUMP Coins is still offering $20,000 for free.
Binance. Binance is a major but controversial cryptocurrency exchange, founded originally in China but moving to Japan because of regulatory pressure. Its current headquarters is probably Malta, but possibly also the Cayman Islands. Its popularity comes from its reach – it operates in around 180 companies and trades around 350 cryptocurrencies. It also has high liquidity making it easy to buy and sell cryptocurrencies.
ConnectWise. ConnectWise is a legitimate company providing software and services primarily for managed services providers (MSPs). This can include the ability to remotely monitor and manage their clients’ systems, and this facility has been abused in the past.
Once unknowingly installed by victims, the attackers are rapidly able to take over their computer systems.
Related: Russian State Hackers Target Organizations With Device Code Phishing
Related: Fake DeepSeek Sites Used for Credential Phishing, Crypto Theft, Scams
Related: Russian Cyberspies Caught Spear-Phishing with QR Codes, WhatsApp Groups
Related: PayPal Phishing Campaign Employs Genuine Links to Take Over Accounts
About The Author
Original post here
