Abstract: A new Binance email scam tricks users with a fake Trump Coin app that installs ConnectWise RAT malware. Learn how cybercriminals exploit trends to steal data fast.
A fraudulent email scam masquerading as the prominent cryptocurrency exchange Binance is duping naive people into a trap. These bogus communications, which promise access to a fictitious TRUMP coin, trick users into downloading malware masquerading as a desktop program. Cybersecurity researchers at Cofense, who discovered the scheme, warn that this fraud installs a remote access tool (RAT) called ConnectWise, giving attackers total control of affected devices in minutes.
How the Scam Unfolds
The campaign begins with emails purporting to be from “Binance,” luring recipients with news of a newly released Trump-themed cryptocurrency. These emails include a link to a phony Binance website that is meticulously designed to imitate the genuine thing. The site imitates official logos and even displays security alerts to lure people into believing it. However, instead of giving Bitcoin, it directs visitors to download “Binance Desktop,” a malicious package that launches the ConnectWise RAT.
According to a recent blog post by Cofense, the bogus emails and websites do not directly replicate Binance's official pages but instead artfully blend actual photos and design components to appear convincing. The scammers go the extra mile by including a “risk warning” statement, a subtle touch that adds to the image of credibility. The download URL leads to a Russian-hosted site, Binance-web3comru, which hosts the malware. Two other rogue websites, klclick2com and shopifycoursesstore, have been linked to this scheme.
Unlike other RAT operations, in which hackers bide their time, these fraudsters waste none. Cofense researchers discovered that attackers connect to infected devices in less than two minutes after infection. Once inside, the attackers rummage through browsers like Microsoft Edge, manually extracting cached passwords and other data and going beyond the malware's built-in data-theft capabilities.
Why This is a Big Deal
Jason Soroko, a Senior Fellow at Sectigo, explained why these frauds work so successfully. He pointed out that hackers frequently capitalize on heated subjects to entice their victims. By linking their scams to current events, such as the excitement around Trump-related cryptocurrencies, they make their bait appear urgent and credible, encouraging consumers to act without hesitation.
“Topical events serve as fertile ground for social engineering, offering attackers a ready-made script that exploits real-time urgency and widespread public attention,” Jason told me. “By aligning phishing messages and malicious campaigns with trending news or current events, cybercriminals enhance credibility and evoke strong emotional reactions, prompting hasty actions from potential victims.”
Scammers Keep Cashing In on Trump's Hype
This is not the first time scammers have targeted Trump's cryptocurrency companies. In July 2024, they circulated false information about Trump's assassination in order to sell cryptocurrency. A year earlier, in July 2023, a phishing wave targeted his supporters with bogus websites designed to steal Bitcoin donations. More recently, in September 2024, hackers attacked Trump's new digital trading cards, launching phishing sites and false domains to steal personal information.
The Binance email scam that took advantage of the “TRUMP coin” craze demonstrates how smart cybercriminals can be, combining real-world trends with sophisticated methods to catch people off guard. With attackers moving quickly and adopting famous identities such as Binance, being vigilant is more important than ever. Always double-check URLs and downloads, especially when claims of rapid cryptocurrency riches appear.
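The URL check recommended above can be automated at a mail gateway or in a triage script. The following is an added example, not code from Cofense or from this article; it assumes binance.com is the only domain treated as genuine, and all sample links are constructed under the reserved .example domain.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAINS = {"binance.com"}  # assumption: the only domain accepted as genuine
BRAND = "binance"
INSTALLER_EXT = (".exe", ".msi", ".zip", ".dmg")

def classify_link(url):
    """Classify one link from an email that claims to come from the brand.

    Returns (verdict, reasons); verdict is 'official', 'suspicious' or 'unrelated'.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    # Genuine only if the host IS the official domain or a true subdomain of it.
    # A plain substring test would accept 'binance.com.login.example'.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official", []
    reasons = []
    if BRAND in host:
        reasons.append("brand name in a host outside the official domain")
    # 'https://binance.com@files.example/' really connects to files.example.
    if parts.username and BRAND in parts.username.lower():
        reasons.append("brand name in userinfo, real host is " + host)
    if parts.path.lower().endswith(INSTALLER_EXT):
        reasons.append("installer download from a non-official host")
    return ("suspicious" if reasons else "unrelated"), reasons

# Constructed sample links (not indicators from the campaign).
SAMPLES = [
    "https://www.binance.com/en/download",
    "https://binance-web3.example/BinanceDesktop.exe",
    "https://binance.com.login.example/claim",
    "https://binance.com@files.example/setup.msi",
    "https://notbinance.com/",
    "https://news.example/article",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, reasons = classify_link(link)
        print(f"{verdict:10} {link}  {'; '.join(reasons)}")
```
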