COLDRIVER is targeting western organizations: Google

Google says threat actor COLDRIVER uses a novel malware strain, LOSTKEYS, to steal sensitive documents from western organizations.

A Google Threat Intelligence report on May 7, 2025, indicated that the threat actor COLDRIVER is using a novel malware strain, identified as “LOSTKEYS”, to steal sensitive documents from western organizations. This is a shift in tactics from traditional credential phishing to more advanced cyber-attacks.

LOSTKEYS is reportedly able to steal files from specific directories and of specific file types, selected according to hard-coded criteria.

Source: Google

Distribution of the malware occurs in a four-step process. Users are first lured to a spoofed website featuring a fake CAPTCHA, which in turn copies a PowerShell script to the clipboard. The script evades detection mechanisms before downloading and installing the ultimate payload.

Crypto hack losses reach record $2 billion in early 2025

The first quarter of 2025 has seen a record-breaking wave of cryptocurrency-related cyberattacks, with damages totaling over $2 billion, exceeding total damage suffered in 2024.

A report from cybersecurity firm Hacken highlights that weak access controls and operational neglect continue to plague centralized and decentralized platforms. Attackers are noticeably turning more to social engineering tactics to trick victims.

Most of the recent losses were attributed to a $1.5 billion hack of the cryptocurrency exchange Bybit in February, which was supposedly carried out by the North Korea-linked Lazarus Group.
