{
  "name": "Trump Cryptocurrency Delivers ConnectWise RAT",
  "slug": "trump-cryptocurrency-delivers-connectwise-rat",
  "description": "An email campaign impersonating Binance is offering fake TRUMP coins to lure victims into downloading a malicious 'Binance Desktop' application, which actually installs ConnectWise RAT. The attackers have created a convincing web page mimicking Binance's interface to host the malware download. Once infected, threat actors quickly establish remote control of the victim's computer, targeting saved passwords in applications like Microsoft Edge. The campaign employs sophisticated social engineering tactics, including sender name spoofing and risk warnings, to appear legitimate. Threat actors are actively monitoring infections and can connect to compromised systems within minutes of installation.",
  "published": "2025-03-11T16:34:55+00:00",
  "created_at": "2025-03-11T16:34:55+00:00",
  "modified_at": "2025-03-11T17:53:54+00:00",
  "created_at_opencti": "2025-03-11T16:34:55+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-03-11",
    "binance impersonation",
    "connectwise rat",
    "cryptocurrency scam",
    "password theft",
    "phishing",
    "remote access trojan",
    "social engineering"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "shopifycourses.store"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:a03fddc08db8e92e",
        "name": "ConnectWise RAT",
        "slug": "connectwise-rat"
      }
    ],
    "attack_patterns": [
      {
        "id": "a72b6e11-a5d5-4f5a-8f0d-8861e90c34f7",
        "name": "T1555"
      },
      {
        "id": "a72ebeae-8e62-4039-8135-e9c611011fdc",
        "name": "T1573"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      },
      {
        "id": "870bd958-53a3-4d25-9f23-00aa8bd6674d",
        "name": "T1102"
      },
      {
        "id": "c12e0e03-aab0-4646-a929-e921a3d27f02",
        "name": "T1219"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "81ee4813-4f68-4984-bec1-980d7c5b56eb",
        "name": "T1132"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      },
      {
        "id": "9f11a241-9abc-4c57-95dd-33955ab08826",
        "name": "T1078"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://securityboulevard.com/2025/03/trump-cryptocurrency-delivers-connectwise-rat/",
    "https://otx.alienvault.com/pulse/67d0743fa696bc6ef3985a7d"
  ]
}