BleepingComputer reports that hacked Mailchimp, SendGrid, Mailgun, HubSpot, and Zoho accounts have been harnessed for the mass distribution of crypto seed phrase-containing emails aimed at compromising Coinbase and Ledger cryptocurrency wallets as part of the widespread PoisonSeed campaign, which has already impacted the Mailchimp account of Have I Been Pwned administrator Troy Hunt and certain Coinbase users last month.
After pilfering credentials from high-value customer relationship management and bulk email platform users duped by seemingly legitimate phishing emails, threat actors proceed with mailing list exports and new API key generation for persistent access to the compromised account, which is then leveraged to facilitate the distribution of fraudulent crypto-themed alerts with wallet seed phrases, according to an analysis from SilentPush. Inputting the provided wallet seed phrase during the migration process would allow malicious access to the new cryptocurrency wallet, said researchers, who advised users to ignore urgent email requests and verify potential alerts from the actual platform cited in the emails.
