ChainCatcher reports that hackers are stealing cryptocurrency users’ assets by running fake Windows 11 update ads on Facebook. These ads use professional Microsoft branding and direct users to cloned Microsoft websites, where malicious software is downloaded.
The malware installs a framework called “LunarApplication” on the victim’s computer, specifically designed to steal cryptocurrency wallet seed phrases, login credentials, and other sensitive information. Hackers use geofencing techniques to avoid data center IP addresses and prevent automated scanners from detecting the attack.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
FBI Flags Criminal Network Exploiting Crypto ATMs With Fake Law Enforcement Threats
The FBI warns of rising impersonation scams involving cryptocurrency payments, as fraudsters use urgency and evolving tactics to pressure victims into quick financial decisions and drive increasing financial losses.
FBI Warns of Rising Law Enforcement Impersonation Scams
A new warning from the FB
Coinpedia13m ago
OpenClaw Founder Issues Security Warning: Beware of Cryptocurrency Scam Emails Impersonating the Project
OpenClaw founder Peter Steinberger issued a security warning on the X platform, alerting users to be cautious of scam emails related to OpenClaw, emphasizing that the project is open-source and non-commercial, recommending users obtain information through the official website, and warning against commercial packaging practices.
GateNews56m ago
Canadian Cryptocurrency Business Owner, 33, Kidnapped in Madrid, Spain; Two Suspects Arrested
A kidnapping incident occurred in Madrid, Spain, where a 33-year-old Canadian cryptocurrency entrepreneur was forcibly detained by multiple men with the intent to steal BTC and private keys. Police rescued the victim in time and arrested two suspects. The case involves premeditated stalking and physical coercion attacks and remains under investigation.
GateNews11h ago
Bitrefill Cyberattack Exposes 18,500 Records, Lazarus Group Suspected
Bitrefill suffered a cyberattack on March 1, 2026, linked to the Lazarus Group, exposing 18,500 user records and draining funds. The company will cover all losses and has implemented enhanced security measures.
TheNewsCrypto12h ago
A certain CEX warning: The token labeled as "BTC" on the TON network is a scam token, and it is assisting users in dealing with it.
A certain CEX responded to users stating that Bitcoin is not on the TON network. The tokens users transferred in were marked as "BTC" but were actually scam tokens. The exchange is assisting in asset recovery, though the process is complex and time-consuming. The exchange reminds users to be vigilant against misoperations and fraud risks.
GateNews13h ago
