Scammers are combining social engineering with phony Telegram verification bots that inject crypto-stealing malware into systems to raid crypto wallets, blockchain security firm Scam Sniffer has warned. 

In a Dec. 10 X post, Scam Sniffer said scammers are creating fake X accounts impersonating popular crypto influencers, then inviting users to Telegram groups with promises of investment insights.

Once in the Telegram group, users are asked to verify through “OfficiaISafeguardBot,” a fake verification bot that “creates artificial urgency” with short verification windows, the firm said.

Scammers impersonate popular crypto influencers on X and then invite users to malicious Telegram groups. Source: Scam Sniffer

The bot then injects a malicious PowerShell code that downloads and runs malware to comprise computer systems and crypto wallets. Scam Sniffer said it has noted “numerous cases” where similar malware led to the theft of private keys.

Scam Sniffer told Cointelegraph that the recent known cases of this type of scam were all caused by the fake verification bot.

“It’s currently unclear if there are other malicious bots. However, it’s obviously simple for them to impersonate others as well,” the firm said. 

According to Scam Sniffer, malware that targets regular users has “existed for a long time,” but the infrastructure behind such malicious software is “developing rapidly” and becoming “quite sophisticated.”

It explained that when scammers have successful heists and demand grows, they evolve into a scam-as-a-service, similar to how crypto wallet-draining software makers hire out their tools to phishing scammers.

Scam Sniffer added while it had seen malware distributed through Telegram and instances of scammers impersonating others to trick run malicious code, “this is the first time we’re seeing this specific combination of fake X accounts, fake Telegram channels and malicious Telegram bots.”

All recent and known cases of this scam type were caused by the fake Safeguard bot. Source: Scam Sniffer

Meanwhile, the security firm said it has noted a surge in scammers impersonating others on X and shilling sham links and tokens. 

On average, Scam Sniffer’s monitoring system has found an average of 300 X impersonators a day so far this month, compared to the November average of 160.

At least two victims have lost over $3 million from clicking malicious links and signing transactions from some of these fake accounts, it added.

Cado Security Labs has also sounded the alarm that Web3 workers are being targeted by a campaign using fake meeting apps to inject malware and steal credentials to websites, apps and crypto wallets. 

Web3 security platform Cyvers similarly warned this month that phishing attacks could surge in December as hackers attempt to exploit the growth in online transactions ahead of the holiday season.

Magazine: How to pick a crypto gaming token winner this bull run: Web3 Gamer