Date: 2025-09-17

How attack worked

Malware-as-a-service

Charles Guillemet, chief technology officer at hardware manufacturer Ledger, recently spotlighted a sophisticated phishing attack targeting Ethereum developer Zak Cole.

Guillemet has warned users against storing keys on their computers to avoid becoming the victim of such an attack.

The malicious actor in question posed as a legitimate contact from a popular podcast in order to gain trust.

The attacker sent an email with a link to StreamYard, a popular webinar platform.

This was followed by a typical step for such attacks: the landing page showed a fake error and prompted the targeted developer to download a desktop app with rather suspicious insistence.

Cole, who had already lost some of his crypto holdings to scammers earlier this year, downloaded a macOS installer file to a separate test machine and (unsurprisingly) found a fake program containing a script and a fake Terminal icon that was meant to run the hidden script.

The malware was meant to grab wallet files, messages, photos and other files from the potential victim's computer and send whatever it stole back to servers operated by the attacker.

The most surprising finding was that the attacker was operating rented malware, which they were able to use profitably for just $3,000 per month.

According to Cole, this shows that “malware-as-a-service” is turning into a burgeoning industry, and even low-skill actors can now get their hands on commodity malware.