The malware is specifically designed to steal cryptocurrencies and sensitive user data. The malware is embedded during the manufacturing or distribution process, and allows attackers to hijack crypto transactions and harvest personal information. Meanwhile, DDoS attacks have surged globally, and experts warned that they are increasingly used as geopolitical weapons. Additionally, the Bitcoin Development Mailing List was briefly suspended by Google after being mistakenly labeled as spam. This raised concerns about targeted censorship attempts against the Bitcoin developer community.
Android Smartphones Preloaded with Crypto-Stealing Malware
Kaspersky Labs uncovered a very sophisticated cyber scam involving thousands of counterfeit Android smartphones preloaded with malware that is designed to steal cryptocurrencies and sensitive user data. According to an April 1 statement by the cybersecurity firm, the compromised devices are being sold online at discounted prices but are infected with an advanced version of the notorious Triada Trojan. This malware embeds itself deep into the device's firmware, and gives attackers near-complete control and the ability to manipulate processes without the user's knowledge.
Triada Trojan capabilities
Dmitry Kalinin, a cybersecurity expert at Kaspersky, revealed that the Trojan makes it possible for attackers to hijack financial transactions by replacing cryptocurrency wallet addresses, effectively redirecting funds. He added that transaction analysis suggests the attackers have already stolen around $270,000 in cryptocurrencies, although the true figure could actually be higher.
This is plausible, since Monero was also among the targeted currencies. Beyond crypto theft, the malware is capable of harvesting account credentials, intercepting incoming and outgoing text messages (including two-factor authentication codes), and gaining access to a user's digital identity.
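The address-replacement attack described above works because a wallet app signs whatever destination address it is handed at payment time. The following is an added example (not Kaspersky's code and not from the article) of a wallet-side guard against that substitution: before a transaction is signed, the destination must pass a Base58Check checksum test and must match an entry the user saved earlier from a trusted source. The address book, the "attacker" address (derived from a constructed 20-byte hash) and the function names are assumptions for illustration; the trusted address is the well-known Bitcoin genesis address.

```python
"""Guard an outgoing payment against destination-address substitution.

Added example, not Kaspersky's code: a wallet-side check that (1) verifies the
Base58Check checksum of the address about to be paid and (2) requires it to match
an address the user previously saved out of band. Names and sample data below
are constructed for illustration.
"""
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _checksum(payload: bytes) -> bytes:
    """First 4 bytes of double-SHA256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def base58check_encode(payload: bytes) -> str:
    """Encode payload (version byte + hash160) with a 4-byte checksum."""
    data = payload + _checksum(payload)
    n = int.from_bytes(data, "big")
    out = ""
    while n > 0:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    # each leading zero byte is represented by a leading '1'
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def base58check_decode(addr: str) -> bytes:
    """Decode a Base58Check string; raise ValueError on bad characters or checksum."""
    n = 0
    for ch in addr:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError("invalid Base58 character")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(addr) - len(addr.lstrip("1"))
    data = b"\x00" * pad + body
    if len(data) < 5:
        raise ValueError("too short")
    payload, checksum = data[:-4], data[-4:]
    if _checksum(payload) != checksum:
        raise ValueError("checksum mismatch")
    return payload


def check_destination(address: str, address_book: dict) -> tuple:
    """Return (ok, reason). ok is True only for a well-formed, previously saved address."""
    try:
        base58check_decode(address)
    except ValueError as exc:
        return False, f"malformed address: {exc}"
    if address not in address_book.values():
        return False, "address not in saved address book; possible substitution"
    return True, "ok"


# Constructed sample data for the demonstration.
TRUSTED_ADDR = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"          # Bitcoin genesis address
ADDRESS_BOOK = {"exchange deposit": TRUSTED_ADDR}            # saved by the user out of band
# A syntactically valid address the user never saved (hash160 constructed as bytes 0..19);
# this stands in for an address swapped in by malware.
SWAPPED_ADDR = base58check_encode(b"\x00" + bytes(range(20)))
CORRUPTED_ADDR = TRUSTED_ADDR[:-1] + "b"                     # one character altered


if __name__ == "__main__":
    for label, addr in [("trusted", TRUSTED_ADDR), ("swapped", SWAPPED_ADDR),
                        ("corrupted", CORRUPTED_ADDR)]:
        print(label, check_destination(addr, ADDRESS_BOOK))
```

The checksum alone is not a defense: an attacker's replacement address is itself well-formed, which is why the second check (the address must already be in the user's saved list) is the one that catches the swap. The checksum test mainly catches clipboard corruption and typos before they cost funds.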
Kaspersky’s investigation indicates that the malware is embedded during the smartphone’s manufacturing or distribution process. This means that many online sellers may be unaware that they are selling the infected devices. The firm confirmed close to 2,600 infections across multiple countries so far, with a larger concentration of cases in Russia during the first quarter of 2025.
Fake vs real Android smartphone (Source: Hovetek)
The Triada Trojan was originally discovered in 2016, and it has a long history of targeting financial and messaging applications like WhatsApp, Facebook, and Google Mail. It typically spreads through malicious downloads and phishing campaigns, but this latest scheme is particularly dangerous because it compromises the device before it even reaches the consumer. Kalinin warned that Triada is one of the most complex and dangerous threats to Android users today.
Kaspersky advised consumers to buy smartphones only from trusted distributors and to install robust security solutions immediately after purchase. Other cybersecurity firms also flagged increasing malware threats that are aimed specifically at crypto users.
Threat Fabric recently reported a new malware family capable of launching fake overlays to steal crypto seed phrases. Microsoft also disclosed the discovery of a new remote access trojan that targets crypto holdings in 20 Chrome wallet extensions.
DDoS Attacks Become Geopolitical Weapon
Distributed denial-of-service (DDoS) attacks are also very quickly evolving into one of the most serious cyber threats. Network security firm Netscout warned that they have become a "dominant geopolitical weapon."
In its latest report, Netscout revealed that DDoS attacks surged by 12.7% in the second half of 2024 compared to the first half, totaling almost 9 million incidents. This brought the total number of attacks for the year to 16.8 million, an almost 30% increase over the 13 million attacks recorded in 2023.
DDoS attacks work by overwhelming targeted servers, services, or networks with excessive internet traffic, effectively disrupting normal operations. The report pointed out that Latin America and the Asia Pacific regions experienced the largest increases in attack volume, with spikes of around 30% and 20%, respectively, compared to the first half of the year.
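To make the "excessive traffic" mechanism concrete from the defender's side, here is an added example (not Netscout's code and not from the article) of the simplest volumetric check a web server operator can run over access logs: a sliding-window request count per source address that flags any address exceeding a threshold. The log lines, IP addresses (from the documentation ranges), window size and threshold are all constructed assumptions.

```python
"""Rate-based flood detection over constructed web-server access-log lines.

Added example (not from Netscout or the article): flags source IPs whose request
count within any sliding window exceeds a threshold. Window and threshold are
assumed values chosen for the demonstration, not recommended production settings.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the start of an Apache/nginx "combined" style line, e.g.
# 203.0.113.5 - - [02/Apr/2025:10:00:00 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line: str):
    """Return (ip, timestamp) for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts


def flag_flooders(lines, window_seconds: int = 10, max_requests: int = 5) -> dict:
    """Return {ip: peak_count} for every IP that exceeded max_requests
    within any window_seconds-long window. Lines may arrive out of order."""
    events = [p for p in (parse_line(l) for l in lines) if p is not None]
    events.sort(key=lambda e: e[1])          # sweep in time order
    recent = defaultdict(deque)               # per-IP timestamps inside the window
    flagged = {}
    for ip, ts in events:
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()                       # drop requests older than the window
        if len(q) > max_requests:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


# Constructed sample: one source hammers the server, another browses normally,
# and one line is malformed to show the parser skipping it.
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Apr/2025:10:00:00 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.7 - - [02/Apr/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.5 - - [02/Apr/2025:10:00:01 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.5 - - [02/Apr/2025:10:00:01 +0000] "GET / HTTP/1.1" 200 512',
    'this line is not in log format',
    '203.0.113.5 - - [02/Apr/2025:10:00:02 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.5 - - [02/Apr/2025:10:00:02 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.7 - - [02/Apr/2025:10:00:15 +0000] "GET /about.html HTTP/1.1" 200 2048',
    '203.0.113.5 - - [02/Apr/2025:10:00:03 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.5 - - [02/Apr/2025:10:00:03 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.7 - - [02/Apr/2025:10:00:40 +0000] "GET /contact.html HTTP/1.1" 200 900',
]


if __name__ == "__main__":
    print(flag_flooders(SAMPLE_LOG))
```

A per-source counter like this catches a single noisy client but not a distributed attack in which each source stays under the threshold; for that, the same sweep has to be run over aggregate request rate per path or per upstream, which is the kind of counting the report's volume figures are built from.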
Weekly DDoS statistics for 2024 (Source: Netscout)
Netscout’s researchers believe that these attacks are no longer simply about internet disruption but are being strategically used during elections, protests, policy disputes, and periods of national instability to erode public trust and amplify chaos. They described DDoS attacks as “precision-guided digital weapons” that are increasingly integrated into modern geopolitical conflicts.
A major factor in the rise of DDoS activity is the growing role of artificial intelligence and automation. Cybercriminals are now improving their DDoS-for-hire services with AI-driven tools that can bypass CAPTCHA systems and even adapt in real time. The researchers said these services have become more powerful and accessible, especially because AI reduces the technical barriers that previously limited such attacks to highly skilled individuals.
Ashley Stephenson, chief technology officer at Corero Network Security, explained that AI-driven automation is lowering the entry barrier for attackers, allowing even less experienced people to execute sophisticated DDoS campaigns.
The report also pointed to recent high-profile attacks, including two separate incidents targeting Elon Musk’s social media platform X. In August, a DDoS attack was launched during Musk’s interview with then-presidential candidate Donald Trump. In March, another massive attack temporarily prevented users from accessing the platform. A Russian-linked hacking group known as “Dark Storm” claimed responsibility for the March attack, but stated that it was not politically motivated.
Bitcoin Mailing List Possibly Hit by Spam Attack
Meanwhile, a key communication channel used by Bitcoin Core developers and researchers was temporarily taken offline on April 2 after Google banned the Bitcoin Development Mailing List, labeling it as spam. The mailing list has been hosted on Google Groups since February 2024 and is a crucial tool for discussing potential changes to the Bitcoin protocol. The ban lasted several hours across April 2 and 3, and it prevented developers from interacting and collaborating.
Bitcoin Development Mailing List ban warning on Google
Bitcoin Core developer Bryan Bishop speculated that the suspension may have been the result of a coordinated attack involving bots or people mass-reporting the mailing list to Google. Bishop explained that these tactics are very commonly used to censor or ban online communities and have been seen across platforms like YouTube, X, and TikTok. The issue was resolved by Google Workspace Support on April 3, which allowed the group to resume normal activity.
The incident also drew some attention from Bitcoin advocate and Block Inc head Jack Dorsey, who urged Google CEO Sundar Pichai to investigate the ban. The Bitcoin mailing list has been a critical forum for the Bitcoin community since its early days, tracing back to when Satoshi Nakamoto first shared the Bitcoin white paper on a cryptography mailing list in 2008.
Despite the disruption, mailing list moderators have no plans to abandon Google Groups. According to Bishop, the email-based format of the mailing list is essential to maintain continuity and any alternative platform will also need to support email communication. He also clarified that Bitcoin protocol discussions extend beyond the mailing list to platforms like GitHub and the decentralized social network Nostr, ensuring that dialogue about Bitcoin development stays resilient and decentralized.