According to Cointelegraph, scammers are employing social engineering tactics combined with fake Telegram verification bots to inject malware into systems, targeting cryptocurrency wallets. Blockchain security firm Scam Sniffer has highlighted this growing threat, noting that these scams often begin with the creation of fake X accounts impersonating well-known crypto influencers. These accounts then lure users into Telegram groups under the guise of offering investment insights.
Once users join these Telegram groups, they are prompted to verify their identity through a fraudulent bot named 'OfficiaISafeguardBot.' This bot creates a sense of urgency by imposing short verification windows, which pressures users into compliance. The bot subsequently injects malicious PowerShell code that downloads and executes malware, compromising computer systems and crypto wallets. Scam Sniffer has reported numerous instances where such malware has resulted in the theft of private keys.
The firm informed Cointelegraph that all recent known cases of this scam have been linked to the fake verification bot. While it remains uncertain if other malicious bots are involved, the ease with which scammers can impersonate others is evident. Scam Sniffer emphasized that malware targeting regular users has been around for a long time, but the infrastructure supporting these malicious activities is rapidly evolving and becoming increasingly sophisticated.
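The bot handle quoted above is written with an uppercase "I" where a lowercase "l" would be expected, and many interface fonts render the two almost identically. As an added example (not code from Cointelegraph or Scam Sniffer), this Python check flags handles that collide with a trusted handle once look-alike characters are folded together; the trusted handle and the confusables table are assumptions made for illustration.

```python
import unicodedata
from typing import Optional, Tuple

# Assumption: the handles a group operator actually trusts. This value is a
# constructed placeholder, not a handle confirmed by the article.
TRUSTED_HANDLES = {"OfficialSafeguardBot"}

# Constructed table of characters that are easily mistaken for one another.
# Single characters are folded before lowercasing so "I" maps to "l", not "i".
SINGLE = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o", "O": "o", "5": "s"})
MULTI = (("rn", "m"), ("vv", "w"))


def skeleton(handle: str) -> str:
    """Reduce a handle to a form in which look-alike spellings collide."""
    text = unicodedata.normalize("NFKC", handle.lstrip("@"))
    text = text.translate(SINGLE).lower()
    for pair, single in MULTI:
        text = text.replace(pair, single)
    return text


def classify(handle: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, trusted handle it matches or imitates)."""
    name = handle.lstrip("@")
    # Case-only differences are treated as the same handle.
    for trusted in TRUSTED_HANDLES:
        if name.lower() == trusted.lower():
            return ("trusted", trusted)
    # Same skeleton but different spelling: visually confusable handle.
    by_skeleton = {skeleton(t): t for t in TRUSTED_HANDLES}
    imitated = by_skeleton.get(skeleton(name))
    if imitated is not None:
        return ("lookalike", imitated)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample input; the first handle is the one named in the article.
    for h in ["@OfficiaISafeguardBot", "@OfficialSafeguardBot", "@0fficialSafeguardBot", "@SomeOtherBot"]:
        print(h, classify(h))
```

A "lookalike" verdict is a reason to block or warn before a user interacts with the bot; an "unknown" verdict only means the handle does not imitate anything on the trusted list.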
Scammers have adapted their tactics, turning successful heists into a scam-as-a-service model, akin to how creators of crypto wallet-draining software lease their tools to phishing scammers. Although Scam Sniffer has previously observed malware distribution through Telegram and impersonation scams, this is the first instance of a coordinated effort involving fake X accounts, Telegram channels, and malicious bots.
The security firm has also observed a rise in scammers impersonating others on X, promoting fraudulent links and tokens. Scam Sniffer's monitoring system has detected an average of 300 impersonators daily this month, a significant increase from November's average of 160. At least two victims have reportedly lost over $3 million due to malicious links and transactions initiated from these fake accounts.
In addition, Cado Security Labs has warned that Web3 workers are being targeted by a campaign using fake meeting apps to inject malware and steal credentials for websites, apps, and crypto wallets. Similarly, Web3 security platform Cyvers has cautioned that phishing attacks may increase in December as hackers seek to exploit the rise in online transactions during the holiday season.