Scammers exploit fake Telegram bots to spread malware, stealing crypto wallets via social engineering. Victims lose millions in rising holiday scams.
These scams infect victims’ systems with malware through social engineering techniques.
Scam Sniffer, a blockchain security company, has issued warnings over a recent surge in scams that employ phony Telegram verification bots to target cryptocurrency users.
These methods compromise cryptocurrency wallets by infecting victims’ systems with malware through social engineering techniques.
Scam Sniffer described how scammers use phony X accounts to mimic well-known cryptocurrency influencers in a post on X dated December 10.
Scammers Trick People Into Joining Telegram Groups
The scammers entice gullible individuals into Telegram groups by promising them access to secret investment ideas.
After entering the group, participants are directed to use a bot known as “OfficiaISafeguardBot” to validate their credentials.
With brief verification windows, this phony verification bot instills a sense of urgency in users, encouraging them to take immediate action.
Scam Sniffer claims that the bot downloads and runs malware by inserting malicious PowerShell code into victims’ machines.
By compromising the systems, this spyware gives criminals access to private keys, which they can use to plunder cryptocurrency wallets.
Scam Sniffer documented multiple instances of malware theft that were directly connected to this fraudulent bot.
The company observed identical fraudulent verification procedures used in every recently discovered case.
The security company highlighted how readily scammers may mimic other services, even though other harmful bots may exist.
According to Scam Sniffer, the infrastructure underlying these frauds is changing quickly, comparing the strategy to a “scam-as-a-service” model.
This idea is similar to how developers of programs that drain cryptocurrency wallets rent their software to phishing scammers.
Although malware targeting everyday users is not new, the company pointed out that this combination of dangerous bots, Telegram channels, and phony X accounts is a worrying trend.
Scams have become more common on X as well. December saw an average of 300 imitation accounts per day, almost tripling the average of 160 in November, according to Scam Sniffer’s monitoring system.
These phony accounts frequently cause significant losses by promoting bogus tokens and harmful connections. According to reports, at least two victims have lost more than $3 million as a result of dealing with these scams.
Other security companies have repeated Scam Sniffer’s cautions.
Fake Meeting Apps Target Web3 Workers
A recent attack targeting Web3 employees with phony meeting apps intended to steal login information and access to cryptocurrency wallets was discovered by Cado Security Labs.
According to Web3 security platform Cyvers, phishing assaults will grow in December as fraudsters take advantage of the spike in online activity during the holidays.
Radiant Capital has disclosed that $50 million was stolen from its decentralized finance (DeFi) platform due to a breach.
According to reports, cybersecurity company Mandiant came to the “high confidence” conclusion that a threat actor associated with the Democratic People’s Republic of Korea (DPRK) was responsible for the attack.
Radiant has already been the target of several significant attacks this year.
A $4.5 million flash loan scam hit the platform in January, forcing its lending markets to be suspended.
South Korea has also accused North Korea of masterminding the 2019 breach on the cryptocurrency exchange Upbit, which led to the theft of 342,000 Ethereum, worth $41.5 million at the time.
