Google Warns of New LOSTKEYS Malware Linked to Russian Threat Actor COLDRIVER
Google's Threat Intelligence Group (GTIG) has identified a new malware threat, LOSTKEYS, capable of stealing files and system data. The malware has been used in attacks since January 2025 and has been linked to the Russian government-backed threat actor COLDRIVER.
GTIG also found earlier samples dating back to December 2023, so the malware has a longer history than the current campaign alone suggests. LOSTKEYS was observed in attacks in January, March, and April 2025, indicating a recent increase in activity. It is delivered through a three-stage infection process, which complicates detection and makes the final payload harder to recover for analysis.
GTIG urges at-risk users to enroll in Google's Advanced Protection Program and to enable Enhanced Safe Browsing in Chrome; both add a layer of protection against this kind of targeted threat. Each LOSTKEYS infection chain is customized with its own unique identifiers and encryption keys, so samples differ from victim to victim, which complicates tracing and attribution across incidents. Who operated the earlier December 2023 versions has not been established, nor has the exact time frame of their use.
LOSTKEYS is a serious threat, believed to be deployed only in particularly high-value scenarios. As COLDRIVER continues to develop more advanced malware tools, users must remain vigilant and proactive in their cybersecurity measures. Google's recommendations provide a starting point for protecting against such sophisticated threats.