Scammers are using a mix of social engineering and phony Telegram verification bots to inject crypto-stealing malware into victims’ systems, blockchain security firm Scam Sniffer has warned.
In a Dec. 10 X post, Scam Sniffer revealed that fraudsters are creating fake X accounts to impersonate well-known crypto influencers. They then invite users to join Telegram groups under the guise of offering exclusive investment insights.
Once inside the Telegram group, users are prompted to verify their identities through “OfficiaISafeguardBot,” a fraudulent verification bot. According to Scam Sniffer, this bot “creates artificial urgency” by imposing short timeframes for verification.
How the Scam WorksThe fake bot injects malicious PowerShell code into victims’ systems, downloading and running malware designed to compromise both computer systems and crypto wallets. Scam Sniffer reported “numerous cases” of this malware being used to steal private keys, enabling the theft of cryptocurrency.
The security firm explained that the recent known cases of this scam were all linked to the fake verification bot.
“It’s currently unclear if there are other malicious bots. However, it’s obviously simple for them to impersonate others as well,” Scam Sniffer told Cointelegraph.
Sophisticated Infrastructure Behind the ScamScam Sniffer noted that while malware targeting everyday users has existed for a long time, the infrastructure supporting such scams is “developing rapidly” and becoming increasingly “sophisticated.”
The firm likened this evolution to a “scam-as-a-service” model, where creators of crypto wallet-draining malware provide their tools to phishing scammers for profit.
Although malware distribution via Telegram and impersonation scams are not new, Scam Sniffer stated, “This is the first time we’re seeing this specific combination of fake X accounts, fake Telegram channels, and malicious Telegram bots.”