🎉 [Gate 30 Million Milestone] Share Your Gate Moment & Win Exclusive Gifts!
Gate has surpassed 30M users worldwide — not just a number, but a journey we've built together.
Remember the thrill of opening your first account, or the Gate merch that’s been part of your daily life?
📸 Join the #MyGateMoment# campaign!
Share your story on Gate Square, and embrace the next 30 million together!
✅ How to Participate:
1️⃣ Post a photo or video with Gate elements
2️⃣ Add #MyGateMoment# and share your story, wishes, or thoughts
3️⃣ Share your post on Twitter (X) — top 10 views will get extra rewards!
👉
Fake Crypto Startups Use Social Media To Spread Wallet-Stealing Malware
HomeNews* Cybercriminals are targeting cryptocurrency users with fake startup companies to distribute Malware.
The attackers frequently use verified and compromised X accounts linked to actual companies or employees, making their fake brands appear more credible to potential victims. Gould noted, “They make use of sites that are used frequently with software companies such as X, Medium, GitHub, and Notion. Each company has a professional looking website that includes employees, product blogs, whitepapers and roadmaps.”
Some of the fictitious companies involved include Eternal Decay, BeeSync, Buzzu, Cloudsign, Dexis, KlastAI, Lunelior, NexLoop, NexoraCore, NexVoo, Pollens AI, Slax, Solune, Swox, Wasper, and YondaAI. Attackers approach targets via direct messages, offering payment in cryptocurrency to test out products. If victims comply, they are sent to crafted websites to download harmful applications.
On Windows, the fake app profiles the user’s machine and runs an installer believed to act as an information thief. On macOS, the malware known as Atomic macOS Stealer (AMOS) collects documents, browser data, and crypto wallet information. The installer also sets up persistence, meaning the malicious application restarts each time the computer is rebooted.
According to Darktrace, the tactic is similar to previous scams identified under the name “Meeten” and is linked to threat groups like “Crazy Evil,” who use similar malware. The campaign demonstrates a continued evolution in the complexity of tactics used to target and defraud cryptocurrency investors.
For more details on the campaign and its methods, visit the full Darktrace report. A technical overview on persistence can be found through Apple’s Launch Agent documentation.