New spam campaign on a popular social media network steals users’ cryptocurrency
23-01-2023 14:53:00 | by: Nixon Kanali | hits: 1865 | Tags:

Kaspersky researchers recently uncovered a new spam campaign spreading through direct messages on Twitter and stealing the cryptocurrency of affected users.

Users are asked for help to withdraw hundreds of thousands of dollars from the crypto account of a stranger on Twitter. However, to help the stranger, victims are encouraged to create and pay for a VIP account on the scam domain, leading them to lose their coins.

Twitter is one of the most popular social networks in the world, with nearly 400 million active monthly users. Numerous users, who have never met in their lives, interact and exchange ideas, so a direct message received from a stranger may not initially come as much of a surprise to avid Twitter users.

In this message, a stranger asks for urgent help: he’s having trouble accessing his account on a cryptocurrency exchange, so he asks you to help him withdraw a certain amount of cryptocurrency from his wallet. In the message, he specifies the domain to enter, his username, password, and the amount of cryptocurrency in his wallet, often reaching hundreds of thousands of dollars. Kaspersky experts believe that, potentially, a stranger could promise victims a small amount of money in exchange for help with withdrawals. However, this is just a trap to target as many users as possible.

By following the domain shared by the stranger, the victim ends up on a site claiming to be an investment platform. After the user enters the username and password he received, he gets into the stranger's account, where there really is the specified amount. It’s noteworthy that just the appearance of the site can already bring about mistrust on the part of a potential victim: poorly laid out page with a weak design, where the contact list consists only of mail, not the names and photos of the creators of the platform.

To withdraw the currency, the victim is asked to provide their own wallet address, blockchain, and, surprisingly, an additional password. But the victim does not have this additional password. Thus, the platform offers the victim a way to transfer funds directly within the system, in which case the additional password is not needed – just create an account with VIP status, which costs a small sum of money.

As soon as a victim registers in the system and enters his crypto wallet data to pay for VIP status, the funds are stolen from his account. In a nutshell, the user is induced in one way or another to create a VIP account and pay for it, but the victim does not get anything in exchange and only loses their coins.

“We first discovered such a scheme where attackers pretend to be simpletons on Twitter and ask strangers to help them withdraw money from a cryptocurrency wallet in order to actually steal coins from the victim's account. But this crypto scam, unfortunately, is far from the only example. Cryptocurrency remains an extremely hot topic for attackers, as more and more users open cryptocurrency wallets and convert their currencies into coins. Blockchain also allows attackers to steal funds from victims without leaving a trace, which doesn't make things any better. We expect more and more other sophisticated examples of crypto scams to appear soon, so all users who use crypto should be aware of how to keep their accounts, wallets and coins secure,” said Andrey Kovtun, a security expert at Kaspersky.