Internet scammers use hacked accounts on Twitter Inc. to advertise dubious cryptocurrency platforms that, once installed, allow them to compromise victims’ sensitive data, according to new findings published exclusively by Bloomberg News.
Since March, scammers have posed as journalists, crypto programs and a variety of non-fungible token (NFT) projects on Twitter to steal users’ virtual currency, usernames and password IDs, according to studies by Satnam Narang, a research engineer. in cybersecurity. Tenable Inc.
Many selected accounts are verified, telling researchers that scammers hack pages, pay for illicit access, or both.
As part of the alleged scam, the thieves posed as members of Bored Ape Yacht Club, a popular NFT collection, such as the Azuki Collection, MoonBirds Project, and the Okay Bears NFT community, which has more than 150,000 followers on Twitter, Narang. found.
In one case, scammers posed as a legal affairs reporter for The Age, an Australian-based news service, and asked users for a suspicious link to claim a small amount of the virtual currency Ethereum, according to the investigation.
The intruders also appear to have temporarily taken from the Twitter page of a freelance journalist covering the gaming industry and created profiles that appear similar to genuine ones, according to the results.
Twitter accounts of imposters have encouraged fans to stop at express links or download new apps, Narang said.
These apps convince users to give access to their cellular cryptocurrency wallets, from which attackers can temporarily extract funds. Each of the scammers’ pages, whether it’s an app or a phishing link, is conscientiously designed to look like legitimate and reliable websites, based on the results.
The tactic represents an update on a more classic fraud strategy of sending social media users en masse or impersonating prominent people, such as Tesla Inc. CEO Elon Musk, a superseded tactic that is undeniable to detect, Narang said in an interview.
Using verified Twitter accounts adds a layer of legitimacy, and the ability to have the opportunity to make money in cryptocurrencies adds some urgency to the system, Narang said.
“They seem indistinguishable from genuine sites, and other people just don’t look at the links thoroughly,” he said.
When a Bloomberg News reporter analyzed an app purporting to be for Azuki, an anime-themed NFT task with more than 300,000 subscribers, he flagged it as malware.
In May, scammers used a fraudulent Twitter page @OlthersideMeta, leading users to @OthersideMeta, a valid site that mixes video games with the metaverse, according to the investigation.
Losses from scams are difficult to quantify, however, the activity is the latest example of attackers taking advantage of cryptocurrencies, and the hype surrounding projects, to generate funds.
Americans reported more than $1. 6 billion in cryptocurrency-related fraud in 2021, a large backlog from $246 million last year, according to the FBI’s Internet Crime Complaint Center report.
PromotedSave the newest songs, in JioSaavn. com
Most likely, the actual figure will be much higher, as many potential investors flock to speculative-type schemes and report cases of fraud, Narang said.
“Scammers are very adept at focusing on what other people are interested in,” he added. “This is a small pattern of what’s happening in this space. “
Follow:
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Advertising. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .