SANS Stormcast Thursday, May 22nd 2025: Crypto Confidence Scams; Extension Mayhem for VS Code and Chrome
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 696 Ratings
🗓️ 22 May 2025
⏱️ 6 minutes
🧾️ Download transcript
Summary
New Variant of Crypto Confidence Scam
Scammers are offering login credentials for what appears to be high value crypto coin accounts. However, the goal is to trick users into paying for expensive VIP memberships to withdraw the money.
https://isc.sans.edu/diary/New%20Variant%20of%20Crypto%20Confidence%20Scam/31968
Malicious Chrome Extensions
Malicious Chrome extensions mimick popular services like VPNs to trick users into installing them. Once installed, the extensions will exfiltrate browser secrets
https://dti.domaintools.com/dual-function-malware-chrome-extensions/
Malicious VS Code Extensions
Malicious Visual Studio Code extensions target crypto developers to trick them into installing them to exfiltrate developer secrets.
https://securitylabs.datadoghq.com/articles/mut-9332-malicious-solidity-vscode-extensions/#indicators-of-compromise
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello and welcome to the Thursday, May 22nd, 2025 edition of the Sands Internet Storm Centers. |
| 0:07.9 | Stormcast, my name is Johannes Ulrich, and in this episode brought you by the sands.edu credit |
| 0:15.0 | certificate program in cybersecurity engineering. I am recording in Jacksonville, Florida. Well, remember a few weeks ago, |
| 0:23.3 | we had these scammers that actually left comments on the Inlet Storm Center YouTube channel |
| 0:28.9 | that listed their private passphrase for their crypto coin wallets. And well, we looked into this, |
| 0:37.0 | and the reason they did this was not to give you the money. |
| 0:40.8 | Kind of that would have been too easy and not much of a scam, but instead, the way these |
| 0:45.3 | crypto wallets were set up, they needed a second passphrase in order to actually work and |
| 0:51.9 | for you to be able to deduct money from them. |
| 0:55.9 | So they try to trick you into actually sending the money for the transaction fee ahead |
| 1:01.1 | of realizing that you can't actually get to the money. |
| 1:04.3 | Well, it looks like we have a little bit an evolution of this scam happening. |
| 1:09.2 | Now, I've observed it on X where via direct message. |
| 1:14.1 | Someone approached me and told me that, hey, you actually got some money from me coming here. |
| 1:22.3 | And then they gave me the username and password to actually log into their account. |
| 1:29.0 | And these credentials work on this very specific website. |
| 1:34.6 | The problem, of course, with this is that, well, it's not so easy to actually get to the money from that website. |
| 1:42.8 | This website, I'm not familiar with it. |
| 1:45.5 | I doubt it's legit, but it doesn't really look all that confidence building. |
| 1:54.1 | Once you're trying to actually then withdraw the money from the account, |
| 1:59.3 | you're prompted with, well, the next challenge that in order |
| 2:04.2 | to actually withdraw the money, you need to know a key password. And of course, you don't have |
... |
Transcript will be available on the free plan in 2 days. Upgrade to see the full transcript now.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.