Scam Sniffer Warns of Fake Influencers and Telegram Bots Spreading Crypto-Malware
Web3 security firm ScamSniffer has raised alarms about a sophisticated crypto scam involving fake influencers and malicious Telegram bots, designed to drain users’ wallets.
The Scam: Fake Influencers and Telegram Groups
Scammers are impersonating popular cryptocurrency influencers on X. The fake accounts promote “exclusive” Telegram groups, claiming to offer investment advice. To appear legitimate, they advertise under real posts from the influencers they impersonate.
Those who join are presented with a Telegram verification bot, “OfficialSafeguardBot.” It gives the user a limited amount of time to verify their identity.
How Malware Targets Victims
At one stage of the verification process, the bot injects malicious PowerShell code into the victim’s clipboard. Users who then execute it unknowingly run malware that steals sensitive information such as private keys.
ScamSniffer said the malware has evaded most antivirus products, and that only VirusTotal detects it as malicious. The tactic has been linked to numerous wallet-draining cases carried out by scammers.
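A defender-side check for the clipboard injection described above, as an added example that is not from ScamSniffer or the original article. It scans clipboard text for PowerShell paste-and-run traits and also decodes any -EncodedCommand payload before scanning; the indicator set, function names and sample strings are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Heuristic indicators: assumptions chosen for this example, not ScamSniffer's.
INDICATORS = {
    "powershell_invocation": re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.I),
    "hidden_window": re.compile(r"-w(?:in(?:dowstyle)?)?\s+hidden\b", re.I),
    "invoke_expression": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "web_download": re.compile(r"\b(?:iwr|invoke-webrequest|downloadstring)\b", re.I),
}
# Common spellings of -EncodedCommand followed by a base64 blob.
ENCODED = re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(text):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE), or None."""
    match = ENCODED.search(text)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def scan_clipboard_text(text):
    """Return sorted indicator names found in the text and in any decoded payload."""
    hits = {"encoded_command"} if ENCODED.search(text) else set()
    layers = [text, decode_encoded_command(text) or ""]
    for layer in layers:
        hits.update(name for name, rx in INDICATORS.items() if rx.search(layer))
    return sorted(hits)


def should_block_paste(text):
    """Flag text that invokes PowerShell and shows at least one more indicator."""
    hits = scan_clipboard_text(text)
    return "powershell_invocation" in hits and len(hits) >= 2


# Constructed, harmless samples (not taken from the real campaign).
SAMPLE_PAYLOAD = "Invoke-Expression 'Write-Output constructed-sample'"
SAMPLE_LURE = "powershell -NoProfile -W Hidden -Enc " + base64.b64encode(
    SAMPLE_PAYLOAD.encode("utf-16-le")).decode()
SAMPLE_BENIGN = "Verification code: 482913"

if __name__ == "__main__":
    for sample in (SAMPLE_LURE, SAMPLE_BENIGN):
        print(should_block_paste(sample), scan_clipboard_text(sample))
```

The decoded layer matters because an encoded command hides its contents from a plain keyword match on the clipboard text.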
Surge in Impersonation and Crypto Crimes
Impersonation on X has increased by 87% since November, allowing scammers to steal millions. Recently, two victims lost more than $3 million each after clicking on malicious links from fake influencer accounts.
This rise in crypto scams comes as the market turns bullish; Bitcoin’s rally and the rising values of altcoins are making such attacks more lucrative for cybercriminals.
In another high-profile case, the Realst malware spread through fake meeting apps, tricking victims into downloading harmful software under the pretense of business interactions. Once installed, it extracted crypto assets, browser-stored credentials, and banking details.
Precautions to Protect Yourself
To stay safe, ScamSniffer recommends:
- Using hardware wallets for better security.
- Avoiding execution of unfamiliar commands or scripts.
- Refusing to download or install unverified software.
Past Crypto Malware Attacks
In October, hackers siphoned off more than $50 million from the DeFi protocol Radiant Capital using malware from a zipped PDF. The malware had been distributed through Telegram by an attacker posing as a trusted former contractor.
These incidents are part of a growing threat to crypto users from increasingly sophisticated scams.