Odaily News Cybersecurity experts recently discovered a double malware attack targeting users inside and outside the cryptocurrency industry. In its latest report, cyber intelligence company Silent Push revealed a malicious campaign called PoisonSeed, which first forged the login pages of bulk email service providers such as Mailchimp and SendGrid to steal user credentials. The attacker sent a fake email, claiming that the user's account was restricted, tricking them into logging into a high-imitation website. After entering their credentials, the attacker quickly and automatically exported the email subscription list. Subsequently, the attacker used the stolen subscription list to impersonate Coinbase to send phishing emails to the victim's contacts, claiming that the exchange "is transitioning to a self-hosted wallet" and attached a 12-word mnemonic phrase to trick users into importing their wallets, which actually allowed hackers to control their assets. (Decrypt)