This is Tusk, the new phishing campaign that wants to steal your information and cryptocurrency
The risks on the Internet are becoming more serious. That is why it is very important to have some cybersecurity concepts that can protect you. There are more and more campaigns organized by cybercriminals that aim to empty your bank account. Or steal your cryptocurrency, as is the case with this new online scam campaign.
We're talking about Tusk, a campaign discovered by Kaspersky that aims to steal cryptocurrencies and sensitive information, taking advantage of popular topics like web3, cryptocurrencies, artificial intelligence, online gaming, and more.
Cybercriminals are targeting people from all over the world, and according to cybersecurity firm Kaspersky, the campaign is being led by a group of Russian-speaking cybercriminals who spread malware and information-stealing tools.
Kaspersky Global Emergency Response Team (GERT) has discovered this phishing campaign targeting Windows and macOS users around the world, with the aim of stealing cryptocurrency and personal information.
Under the name Tusk (Fang in Russian), the attackers are running a phishing campaign in which they attempt to trick victims into using fake web pages that closely mimic the design and interface of various legitimate services. In recent cases, they have imitated the interface of a cryptocurrency exchange, an online role-playing game, and an AI-powered translator.
As is often the case with this type of scam, there are slight differences in elements of the malicious pages, such as the name and URL, but it appears to be a well-crafted campaign with a high chance of success.
If you fall into the trap and enter a website that impersonates a real one, you will reveal sensitive information, such as passwords to your cryptocurrency wallets, or download malware.
With this information, attackers can connect to victims’ cryptocurrency wallets and transfer their funds within seconds. All this is done through information stealing tools and other common tools of cybercriminals, with which they can steal all this data very quickly.
So how do you avoid falling into this trap? As always, make sure the website you’re visiting is legitimate, and review every last detail of the URL before entering any credentials.