Crypto Clipper Campaign Abuses Fake Reviews

Overview A new malware operation is rewriting the rules of social engineering. According to Check Point Research, an unknown threat actor is using fake reviews, AI‑generated videos, and coordinated reputation manipulation to promote malicious software disguised as popular crypto tools. The campaign targets cryptocurrency holders and online gamblers, luring them with promises of “sniper bots” and “crash‑game predictors” that secretly install a Rust‑based clipboard hijacker. The Fake Reputation Machine The threat actor has built a multi‑platform ecosystem to make their malware look legitimate. Platform Manipulation Tactic Purpose WordPress Phishing hub hosting malicious downloads Central distribution point GitHub Six fake developer accounts cross‑promoting repositories Synthetic trust signals SourceForge Artificially inflated download counts (44,485 downloads) False popularity metrics YouTube AI‑generated tutorial videos and positive comments Influencer‑style promotion VirusTotal Coordinated upvotes and fake “safe” comments Reputation poisoning to evade detection The campaign even used a press‑release distribution service to syndicate its fake tool across legitimate news sites like the USA TODAY Network — a tactic rarely seen in malware operations. The Malware Payload At the core of the operation is a Rust‑based crypto clipper that targets both Windows and macOS. […]