
Hackers Use TRUMP Coin Scam To Spread Malware Via Fake Binance Emails
Hackers are using a fake Binance website and the promise of TRUMP cryptocurrency to trick victims into installing malware, cybersecurity researchers warn.
In a Rush? Here are the Quick Facts!
- Victims unknowingly install ConnectWise RAT instead of Binance’s desktop platform.
- Hackers take remote control of infected computers in under two minutes.
- The fake website mimics Binance and TRUMP coin pages to appear legitimate.
The phishing campaign, uncovered by Cofense, impersonates Binance—the world’s largest cryptocurrency exchange—offering users a chance to earn TRUMP coins by downloading Binance software and making deposits. Instead, victims end up installing a remote access tool (RAT) that grants hackers control over their computers in under two minutes.
Trump announced the TRUMP coin in January, with companies tied to him allegedly making millions from it. While the cryptocurrency itself is controversial, the phishing scam raises further concerns about cybercrime targeting political supporters, as reported by The Record.
Max Gannon, Intelligence Manager at Cofense, described how widely ConnectWise RAT is being abused across phishing campaigns: “Some campaigns have been spoofing LinkedIn, others Binance, Virtru, and even the United States Social Security Administration. Part of the reason it has likely become so popular recently is that it has a lot of features and is free to use and easy to set up,” The Record reported.
“Moreover, because it is technically legitimate, there are a large number of files that it uses which cannot simply be blocked because they are also used by legitimate installations of ConnectWise RAT,” he added.
The emails convincingly mimic Binance’s branding, even including risk warnings to appear more legitimate. The scam’s fake website also closely resembles Binance and TRUMP coin pages, using real images from both platforms.
However, instead of providing a Binance client, the site delivers a modified version of ConnectWise RAT, a tool that allows cybercriminals to take over infected computers remotely. Once a device is compromised, the attacker wastes no time.
“Shortly after checking in, the threat actor takes remote control of any infected computers. This is in contrast to most ConnectWise RAT installations where the threat actor will only decide to interact with an infected host after some time has passed,” Cofense explained.
Attackers immediately target saved passwords, particularly from browsers like Microsoft Edge. The campaign demonstrates the growing trend of cybercriminals using real-world news and political events to enhance their scams. By leveraging Trump’s highly publicized cryptocurrency, hackers have found an effective way to lure victims.
Cofense explained that ConnectWise RAT’s simplicity makes it accessible to hackers of all skill levels, from inexperienced individuals to advanced persistent threat (APT) groups seeking to conceal their activities.
Security experts advise users to be cautious of unsolicited emails and to avoid clicking links promising financial opportunities. Instead, they recommend visiting official cryptocurrency websites directly to prevent falling victim to scams.