A new cryptocurrency scam is targeting users who have forgotten their wallet seed phrases by offering fake recovery software that secretly installs malware. Security researchers warn that these programs steal passwords, personal files, and other sensitive data instead of restoring wallet access.
Cryptocurrency users trying to recover lost wallet access are facing a new online threat. Security researchers have identified a scam that disguises malware as free wallet recovery software, targeting people who have forgotten the seed phrase needed to unlock their digital assets.
Meanwhile, researchers say the campaign takes advantage of users who are under pressure to regain access to their cryptocurrency holdings. Instead of restoring wallets, the downloaded software collects sensitive information and sends it to cybercriminals for possible future abuse.
Fake recovery tools target forgotten seed phrases
The scam was identified by HP Security Lab after researchers found websites promoting software that claimed to recover lost cryptocurrency wallet seed phrases. These websites appeared during online searches for free recovery tools, making them easier for worried users to find.
Alex Holland of HP Security Lab explained how the scam works. He said, “Scammers are preying on people’s desperation to recover their cryptocurrency wallets.” According to Holland, users who search for a “free cryptocurrency recovery tool” may encounter fake software designed to infect their computers instead of helping recover wallet access.
A cryptocurrency wallet stores the digital keys required to manage cryptocurrency assets. During setup, wallets create a seed phrase, usually containing between 12 and 24 words. This phrase acts as the backup needed to restore access if the wallet becomes unavailable.
However, users who lose or forget that phrase may look online for recovery solutions. Criminals have built websites that promise to retrieve the missing seed phrase, encouraging visitors to download software that secretly installs malware.
Malware collects passwords and personal files
One program identified by researchers carried the name “Lost crypto wallets finder – cryptocurrency recovery toolkit.” The software claimed it could help users recover access to their digital wallets. Although the website hosting the program has since gone offline, researchers say the malware demonstrates how these campaigns operate.
After installation, the malware searches the infected computer for valuable information. According to HP Security Lab, it gathers saved passwords from web browsers, documents, photographs, and other sensitive files stored on the device.
The collected information is compressed into a ZIP archive before being transmitted to attackers. Stolen passwords and personal files can later be used in additional fraud attempts, account takeovers, or identity-related crimes.
Rather than recovering cryptocurrency, the software creates another security problem by exposing private information stored on the victim’s computer.
Security experts urge caution before downloading tools
Researchers advise users not to rush into downloading software when access to a cryptocurrency wallet has been lost. Criminals often depend on panic and urgency to convince victims to install malicious programs.
Holland said, “They’re preying on emotions. They want to take advantage of that moment of vulnerability.” He advised users to carefully research any recovery service before trusting it and to review independent feedback whenever possible.
Meanwhile, users who suspect they have downloaded malicious software should remove it using trusted security software as soon as possible. They should also change their passwords immediately, beginning with banking accounts and other services that store financial or personal information.
Security experts add that keeping secure backups of wallet seed phrases remains one of the most effective ways to avoid this type of fraud. Storing recovery phrases safely and offline reduces the need to search for unknown recovery tools, lowering the risk of downloading malware disguised as legitimate software.
Disclaimer : Crypto News India does not recommend that any cryptocurrency should be bought, sold, or held by you. Do conduct your own due diligence and consult your financial advisor before making any investment decisions.
