Fast-Acting Crypto Scam Exploits TRUMP Coin Hype to Deliver RAT Malware

Cybercriminals are leveraging the growing popularity of cryptocurrency and its association with the current U.S. president to launch a rapid phishing campaign that mimics Binance, luring victims with promises of free TRUMP coins while infecting their systems with ConnectWise RAT malware in under two minutes.

Binance Spoofing & Social Engineering Tricks

Security researchers at Cofense uncovered this highly deceptive attack, where threat actors convincingly impersonate Binance by:

  • Using "Binance" as the sender name in emails.
  • Adding a "risk warning" to make the email appear legitimate.
  • Creating a fake Binance website that closely resembles the real platform.

While crypto scams are nothing new, the speed at which attackers gain control of infected devices in this campaign is unprecedented. The attackers monitor infections in real time, allowing them to seize control of a victim’s workstation almost immediately after infection, unlike typical ConnectWise RAT attacks, which usually involve delayed manual engagement.

Fake TRUMP Coin Giveaway Leads to Malware

The attack revolves around a phishing email promising up to 2,000 TRUMP coins, a Solana-based meme cryptocurrency. The message urges recipients to complete simple tasks to claim their rewards, such as:

  • Installing the Binance Desktop App (50 coins).
  • Completing Binance registration & verification (100 coins).
  • Depositing $50 in crypto (150 coins).

Clicking the "Download Now" link leads to the installation of ConnectWise RAT instead of the Binance app. This remote access trojan connects to a command-and-control (C2) server, allowing attackers to execute commands, steal data, and even extract saved passwords from Microsoft Edge.

Why This Scam Works

Attackers rely on social engineering and current events to enhance credibility. The phishing email’s "risk warning" plays on reverse psychology, reinforcing the illusion of legitimacy. Additionally, by tying the scam to the TRUMP coin hype, hackers take advantage of the public’s sense of urgency and fear of missing out (FOMO).

Protecting Against Crypto Scams

Cybersecurity experts emphasize caution when receiving unsolicited crypto-related emails, especially those offering too-good-to-be-true deals. Users should avoid clicking on links or downloading attachments from unknown sources.

Cofense has shared Indicators of Compromise (IoCs), including malicious URLs embedded in phishing emails, to help organizations detect and prevent infections.
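The sender-name trick and the "Download Now" link described above can both be checked at the mail gateway. The following is an added example, not code from Cofense or the original article: it flags messages whose display name claims a brand while the sender domain or linked hosts fall outside that brand's domains. The allow-list, sample messages, and `.example` hostnames are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the organization accepts as genuinely belonging to the brand.
BRAND_DOMAINS = {"binance": {"binance.com"}}

# Constructed sample messages (not taken from the campaign).
SPOOFED = (
    "From: Binance <promo@rewards.example>\n"
    "Subject: Reward notice\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<a href="https://binance-desktop.example/setup">Download Now</a>\n'
)
GENUINE = SPOOFED.replace("promo@rewards.example", "notice@binance.com") \
                 .replace("binance-desktop.example", "www.binance.com")

def _in_domains(host, domains):
    # Exact match or true subdomain; "binance.com.mail.example" must not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlsplit(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.append(host)

def check_message(raw):
    """Return findings for brand display names paired with off-brand domains."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"] or ""))
    sender_domain = addr.rpartition("@")[2]
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in name.lower():
            continue  # display name does not claim this brand
        if not _in_domains(sender_domain, domains):
            findings.append(f"display name '{name}' but sender domain '{sender_domain}'")
        body = msg.get_body(preferencelist=("html", "plain"))
        parser = _Links()
        parser.feed(body.get_content() if body else "")
        findings += [f"link to off-brand host '{h}'" for h in parser.hosts
                     if not _in_domains(h, domains)]
    return findings
```

This check complements SPF, DKIM, and DMARC rather than replacing them: a message that forges the brand's real domain in the From header passes it and must be caught by sender authentication.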