Intel Name: Efimer trojan: from fake lawsuits to crypto heists
Date of Scan: August 21, 2025
Impact: High
Summary: A widespread cybercrime campaign is distributing the Efimer Trojan, a stealthy malware designed to steal cryptocurrency, through phishing emails, compromised WordPress websites, and fake torrent downloads. The phishing emails, posing as legal threats from prominent law firms, accuse recipients of domain trademark violations to trick them into opening infected attachments. Once deployed, Efimer monitors clipboard activity to replace wallet addresses and extract recovery phrases, and it communicates covertly via the Tor network. In addition to phishing, the attackers use brute-force methods to access WordPress admin panels, host malicious files, and collect email addresses for future spam campaigns. Their primary targets include cryptocurrency users, website administrators, and unsuspecting downloaders.