According to a recent report from Google Threat Intelligence, the threat group COLDRIVER has been using a new malware, LOSTKEYS, to steal documents from Western targets. The malware marks a shift for the group from credential phishing to more advanced attacks.

The LOSTKEYS installation chain involves several steps: a fake CAPTCHA lure website, a PowerShell script download, device evasion checks, and payload retrieval. Once installed, LOSTKEYS can steal files, send system information to COLDRIVER, and operates from the address '165.227.148[.]68'. Google has moved to mitigate the malware's impact by adding the malicious websites to its Safe Browsing feature.

COLDRIVER, a Russian-backed group, targets high-profile Western individuals such as diplomats and journalists. In 2024, it launched an attack using the 'Spica' malware.

Separately, crypto hacks have been on the rise in 2025, with losses exceeding $2 billion in the first quarter alone, attributed to operational flaws and social engineering tactics.

Read more AI-generated news on: https://app.chaingpt.org/news