The Malware Trap – How One Click Could Cost You Your Crypto in 2025

2025-07-29

Main Takeaways

  • Malware scams keep evolving. A new scheme is on the rise, relying on phishing emails delivering ZIP file attachments that infect user devices.

  • A real user case reveals how a tampered device can lead to unauthorized fund withdrawals using stolen API credentials.

  • Avoid becoming a victim by practicing strong security hygiene, avoiding suspicious files, and securing your Binance account with tools like Passkey and MFA.

In 2025, malware threats continue to evolve — and they’re coming from every corner of the web. From search engines to social media feeds and even everyday messaging apps, cybercriminals are constantly looking for ways to exploit unsuspecting users.

While these threats are widespread, one growing tactic deserves special attention: phishing emails with malware attachments.

Malware Threats in 2025: Why Email Attachments Are a Major Risk

Delivering malware via email has become one of cybercriminals’ favourite methods due to its simplicity and effectiveness. With the rise of artificial intelligence and automation, attackers are now able to craft convincing emails that appear legitimate, often including ZIP files or attachments disguised as harmless content. Once opened, these files can silently install malicious scripts or programs designed to steal your personal information, hijack your crypto wallets, or compromise your device’s security settings.

The scheme exploits victims' trust: social engineering gets you to open a file, which then launches malware directly on your system. This shift reflects cybercriminals' adaptation to stronger user awareness; they have leveled up to combine psychological manipulation with technical exploitation in this latest approach.

As digital transactions become more common and high-value targets more accessible, the sophistication of these scams has increased dramatically. That’s why security awareness – and proactive defense – is more important than ever.

Binance’s Risk team continuously monitors these threats and adapts our protections. But security is a shared responsibility. As a user, staying informed and cautious is your first and most powerful line of defense.

In this guide, we’ll break down how these phishing attacks work, share a real-world example, and give you actionable steps to stay safe in today’s evolving digital landscape.

How Phishing Emails Are Delivering Malware in 2025

Malware, short for malicious software, has long been a thorn in the side of internet users, but its integration with phishing emails marked a significant escalation. These attacks begin with a cleverly crafted email, often masquerading as legitimate communication from a trusted entity like a crypto exchange. The email typically includes a ZIP file or executable attachment, which, once opened, unleashes malware onto your device. This malware can range from keyloggers that record your keystrokes to remote access trojans (RATs) that grant hackers full control. 

For Binance users, the stakes are high: compromised devices can manipulate API settings, enabling swift and silent fund withdrawals.

Real Case: A Costly Click in June 2025

In June 2025, a Binance user received an email from someone impersonating a manager at the crypto exchange. The email included a password-protected ZIP file. Trusting the source, the user opened it — unknowingly installing malware onto their regular trading device.

That same day, Binance systems flagged the device as compromised. Unauthorized API-based withdrawals followed, routed through another country. Though the user had previously used the device for months without issue, it was now controlled by attackers.
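One way a mail gateway or a cautious user could triage attachments like the one in this case, shown as an added example (not Binance's code): it flags ZIP entries marked as password-protected, which scanners cannot open to inspect, and entries with executable or script extensions. The function names, the extension list and the sample email are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk", ".msi", ".ps1", ".hta")

def triage_zip(data: bytes) -> list[str]:
    """Return reasons to quarantine a ZIP attachment (empty list = nothing found)."""
    try:
        entries = zipfile.ZipFile(io.BytesIO(data)).infolist()
    except zipfile.BadZipFile:
        return ["unreadable ZIP"]
    reasons = []
    for info in entries:
        # Bit 0 of the general-purpose flags marks a password-protected entry,
        # which a mail scanner cannot open to inspect.
        if info.flag_bits & 0x1:
            reasons.append(f"encrypted entry: {info.filename}")
        if info.filename.lower().endswith(RISKY_EXT):
            reasons.append(f"executable/script entry: {info.filename}")
    return reasons

def triage_email(raw: bytes) -> dict[str, list[str]]:
    """Map each ZIP attachment's filename to its findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Identify ZIPs by magic bytes, not the sender-controlled name or MIME type.
        if payload[:4] == b"PK\x03\x04":
            findings[part.get_filename() or "(unnamed)"] = triage_zip(payload)
    return findings

def constructed_sample() -> bytes:
    """Constructed email (not real traffic): ZIP with one entry flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.pdf.exe", b"placeholder bytes, not a program")
    blob = bytearray(buf.getvalue())
    blob[blob.find(b"PK\x01\x02") + 8] |= 0x01  # set encrypted bit in central directory
    msg = EmailMessage()
    msg["From"], msg["To"] = "manager@exchange.example", "user@example.com"
    msg["Subject"] = "Account review"
    msg.set_content("Please open the attached file.")
    msg.add_attachment(bytes(blob), maintype="application", subtype="zip", filename="review.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage_email(constructed_sample()))
```

An empty findings list for an attachment means only that neither heuristic matched, not that the file is safe.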

Anatomy of the Attack

  • Step 1, Phishing Email: A fake “crypto exchange manager” sends a convincing message with a ZIP file attachment.

  • Step 2, Device Tampering: The malware silently installs on the victim’s PC or mobile device when the file is opened.

  • Step 3, API Exploitation: The malware accesses stored API keys or creates new ones to withdraw funds undetected.

  • Result: Funds are gone in minutes or hours.

Example of a phishing email with embedded malware. Source: Binance. 

With APIs, attackers don’t need your login – just a vulnerable device and a few seconds to get to the funds. This makes real-time monitoring and personal vigilance critical. These scams can reach anyone, anywhere, in moments.

Even with advanced security systems in place, no platform can protect against every sophisticated attack without your help.

What Binance Is Doing to Help

At Binance, we take these threats seriously. Our response includes:

  • Security features: Multi-factor authentication (MFA) – we strongly encourage users to enable facial verification and passkey.

  • Secure Channels: We never send ZIP files or executable attachments via email.

  • Support 24/7: Suspect a breach? Contact us immediately to freeze your account.

How to Protect Yourself

Act now with this 5-step plan:

  1. Install Antivirus: Use trusted software to block malware.

  2. Avoid Email Attachments: Never open files from unknown senders, even if they seem legitimate.

  3. Secure Your API: Regularly review and restrict API permissions in the Binance app.

  4. Use Passkey: Add stronger protection to your account.

  5. Monitor Activity: Check for unusual withdrawals and report them fast.

Pro Tip: If you’ve opened a suspicious file, disconnect your device, scan it, and alert our support team.

Final Thoughts

In 2025, phishing emails with malware attachments are a significant threat – but they’re no match for informed, vigilant users. By staying alert, using security features, and only trusting official Binance communication channels, you can block attacks before they begin.

Binance teams work around the clock to keep your assets safe – but in the end, the strongest defense is you.

Be vigilant. Be proactive. Be your own first line of defense.
