Phishing Scams Are Evolving

A new wave of crypto scams is exploiting social media, with attackers creating fake X (formerly known as Twitter) accounts to impersonate prominent influencers.

These accounts lure unsuspecting users into fraudulent Telegram groups, where victims are deceived into installing malware.

This malware, engineered through sophisticated social engineering tactics, targets and compromises crypto wallet data, leaving users vulnerable to significant losses.

1/7 🚨 SECURITY ALERT: New sophisticated scam targeting crypto users through fake Telegram groups.

Attackers are impersonating multiple crypto influencers and using malicious bots for verification. Here's how it works... 🧵 https://t.co/KaetjSHW1I pic.twitter.com/YwFM5RBl3V

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 10, 2024

Users Lured into Telegram Groups

Blockchain security firm Scam Sniffer unveiled how scammers are exploiting social media by impersonating prominent crypto influencers through fake X accounts in a 10 December post on X.

These imposters strategically comment on legitimate posts, luring users with promises of exclusive investment insights and "alpha"" tips.

Victims are then directed to Telegram groups where they are prompted to complete a verification process via a bot named OfficiaISafeguardBot.

This bot manipulates users with urgency, compelling them to act quickly.

3/7 ⚠️ Once in the Telegram group, users are immediately prompted to verify through OfficiaISafeguardBot.

This fake bot creates artificial urgency with extremely short verification windows. 🕒 pic.twitter.com/wGC1m8Fai1

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 10, 2024

However, the so-called verification is a cleverly disguised trap.

By complying, users unknowingly execute malicious PowerShell code injected into their clipboard, which downloads malware designed to compromise their systems and steal sensitive data, including crypto wallet information.

Scam Sniffer reported that the malware has been flagged as harmful by VirusTotal and cited past instances of similar attacks resulting in private key theft and significant financial losses.

5/7 ⚡ The malware has been flagged by VirusTotal as malicious.

We've seen numerous cases recently where similar malware led to private key theft.
Many users have fallen victim to these sophisticated attacks. 🔑https://t.co/3NhPXxdwJD pic.twitter.com/h3RrNagDp6

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 10, 2024

All recent cases investigated by the firm shared this fraudulent verification method.

Scams Becoming More Sophisticated & on the Rise

Scam Sniffer has raised alarms about the evolving sophistication of crypto scams, emphasizing how easily attackers can impersonate legitimate services.

This growing trend, described as a "scam-as-a-service" model, reflects how creators of wallet-draining malware lease their tools to phishing networks.

7/7 ⚠️ This represents a new evolution in crypto scams - moving beyond simple phishing to combine social engineering with malware.

Stay vigilant and share this to protect others. 🔐

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 10, 2024

While malware targeting everyday users is not new, the combination of fake X accounts, Telegram groups, and malicious bots represents a troubling escalation.

The prevalence of such scams on X has skyrocketed.

Scam Sniffer's monitoring system detected an average of 300 impersonation accounts daily in December, nearly double November's figure of 160.

These accounts actively promote fraudulent links and tokens, causing significant financial harm.

🚨 SCAM ALERT: Surge in X Impersonations 📈

Our monitoring system detected a significant increase in crypto fake accounts this week, with daily numbers reaching 300+ (vs. Nov avg. 160) 📊

⚠️ Two victims lost over $3M recently from clicking malicious links/signing transactions… pic.twitter.com/eGhG1GPX0r

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 10, 2024

At least two victims have reportedly lost over $3 million each through these schemes.

The security firm warns that this surge in scam activity highlights the increasingly organised infrastructure behind such operations, a sentiment echoed by other cybersecurity organisations.

Phishing activities have increased significantly recently. Please be vigilant and guard against these risks.https://t.co/7hlKxMvG1K

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 11, 2024