Fake AI & Gaming Startups Spread Crypto-Stealing Malware
by Justin Erickson
Darktrace researchers warn of an ongoing social-engineering scam campaign that sets up convincing but entirely fake AI, gaming, and Web3 “startups.” Threat actors create realistic websites, use compromised X (Twitter) and Discord accounts to invite victims to “test” new apps, and use Notion pages and GitHub repos to further legitimize their fake companies. The downloads carry infostealer malware such as Realst, capable of emptying crypto wallets on both Windows and macOS. The operation has been active since at least late 2024. Victims usually receive direct messages on X, Telegram, or Discord from fake employees offering cryptocurrency in exchange for testing their software. For a list of known fake startups used in this scam, see the Darktrace article below.
Third-Party references:
