Kaspersky Warns of Phishing Campaign Targeting Coinbase Users on Windows Devices
Cybersecurity firm Kaspersky has issued a warning about a sophisticated phishing campaign targeting users of Coinbase, one of the world’s leading cryptocurrency exchange platforms. The attackers are attempting to deceive victims into downloading malicious software disguised as a legitimate account statement, potentially resulting in the theft of funds or complete loss of access to Coinbase accounts.
According to Kaspersky, the campaign begins with a phishing email that prompts recipients to view their Coinbase account statement via a link. The email claims that the document can only be opened on Windows-based desktops or laptops, pushing users to download and open the file on these systems.
Once downloaded and opened, the file secretly installs remote access software, granting cybercriminals full control over the victim’s computer. Victims are then asked to log in to their Coinbase accounts, unknowingly exposing their login credentials to the attackers—who can subsequently drain wallets or lock users out of their accounts entirely.
“This phishing campaign is a stark reminder of how cybercriminals exploit trusted platforms like Coinbase to deceive users,” said Olga Altukhova, Senior Web Content Analyst at Kaspersky. “By disguising their malicious tool as an account statement, attackers are weaponizing user trust. We strongly urge everyone to verify links and files before opening them. Legitimate services would never instruct users to access links exclusively on Windows devices.”
To help users stay protected from phishing attacks, Kaspersky recommends the following best practices:
Verify unexpected messages, calls, or links—even those appearing legitimate—and never share two-factor authentication (2FA) codes.
Inspect videos for unnatural movements or unrealistic offers that may signal deepfake content.
Deny camera access requests from unverified websites and avoid uploading signatures or sensitive data to unknown platforms.
Limit online sharing of personal or work-related information, such as ID documents or internal files.