cryptorank.io | ksl
A crypto professional documented a multi-stage social engineering attack that began with a compromised Telegram contact and ended at a fake Microsoft Teams page asking the victim to run a PowerShell command. The phishing domain teams.livescalls.com blocked mobile access entirely, forcing desktop use so that a smaller screen would not reveal the ruse, and disguised the malware as a routine TeamsFx SDK update.

What separates this from bulk phishing is the patience. The attackers spent days building trust through a hijacked real contact before pushing the payload. Similar operations have been hitting Web3 founders and crypto VCs with growing frequency, almost always using familiar collaboration tools as the entry vector. The giveaway was a PowerShell bypass command buried behind an innocent-looking prompt.
