SlowMist, a company operating in the blockchain security space, has published its analysis of security events for the fourth quarter of 2025.
The report warns users about a recent resurgence of malware attacks and a new, more sophisticated phishing method.
According to SlowMist, attackers are using a new technique called “browser history poisoning.” In this method, even if users manually enter the correct domain name of an official platform, the browser’s autocomplete feature may redirect them to a fake website. Some victims reported entering the address correctly, but the browser automatically completed a pre-created fake domain name.
The report specifically stated that this was not due to user error. He explains that the attackers previously “poisoned” the browser history via advertisements, social media redirects or fake ads, allowing the fake domain name to be recorded in the browser’s autocomplete system. When the user enters the same address again, the browser automatically redirects them to the phishing site, which has an almost identical interface to the official site.
In contrast, SlowMist has seen a significant resurgence in malware attacks targeting computers. Attackers typically install malware silently on users’ devices via phishing links, private messages sent via social media, or files disguised as “resource/tool downloads.” A warning has been issued that if a device is compromised, data, especially that belonging to cryptocurrency wallets, is at serious risk.
SlowMist said users should not blindly trust browser autocomplete suggestions, should open links directly from bookmarks, and should be extremely cautious about files and links from unknown sources.
*This does not constitute investment advice.
