
Posing as startups in AI, gaming, or Web3, fraudsters create polished websites, fake whitepapers, and hijacked verified accounts on X to appear legitimate, deceiving users into believing they represent genuine, cutting-edge ventures.
A sophisticated cryptocurrency scam is making the rounds on social media, where cybercriminals are masquerading as legitimate technology startups to trick users into downloading malicious software. These scams are no longer limited to phishing links or suspicious emails—they now involve full-scale digital deception, complete with company websites, social media accounts, and fake project documentation.
The fraudsters claim to represent emerging ventures in trending domains such as Artificial Intelligence, gaming, or Web3. To appear credible, they create sleek websites, circulate professional-looking whitepapers, and even manage profiles on platforms like X (formerly Twitter), often through hijacked verified accounts. These fabricated companies present themselves as cutting-edge innovators, making it hard for unsuspecting users to distinguish them from real businesses.
Malware disguised as test software
The scam begins when a so-called employee reaches out on platforms like X, Telegram, or Discord, offering the recipient an opportunity to test a new software application in exchange for crypto payments. Once a user shows interest, they are directed to download the program from the company’s website.
However, the software is embedded with malware commonly known as “Atomic Stealer.” Windows users typically receive an Electron-based app, while macOS users get a .DMG file; both are designed to secretly siphon sensitive information. Once installed, the malware begins profiling the system, harvesting browser data, saved passwords, cryptocurrency wallet credentials, session cookies, and personal documents.
The attackers also use stolen digital code-signing certificates to make the malicious apps appear trustworthy, helping them bypass basic security checks. In many cases, the malware installs additional payloads to strengthen its hold, ensuring it remains active even after the device is restarted.
Fake startups exploit tech platforms
This scam is particularly dangerous due to its advanced social engineering and the technical legitimacy it projects. Fake startups identified so far include names like Pollens AI, Cloudsign, Buzzu, and Swox. All of them use platforms like Notion, GitHub, and Medium to host phony content that mirrors that of real tech projects.
Cybersecurity experts urge the public to remain cautious. Red flags include unsolicited offers to test software, promises of cryptocurrency rewards, and unfamiliar companies pushing external downloads. Users are advised to verify startups through independent sources, rely on trusted app stores, and keep security tools updated to detect threats.
As crypto adoption grows, so does the complexity of cyber threats—making awareness essential for digital safety.