Internet scammers are using hijacked accounts on Twitter Inc. to promote dubious cryptocurrency platforms that, once installed, enable them to compromise victims’ sensitive data, according to new findings provided exclusively to Bloomberg News.
Since March, fraudsters have impersonated journalists, crypto apps and a variety of nonfungible token (NFT) projects on Twitter in order to steal users’ virtual currency, usernames and password credentials, according to research from Satnam Narang, a staff research engineer at the cybersecurity firm Tenable Inc. Many of the targeted accounts are verified, an indication to investigators that scammers are either hacking specific pages, paying for illicit access, or both.
As part of the alleged scam, thieves have masqueraded as members of the Bored Ape Yacht Club, a popular collection of NFTs, as well as the Azuki collection, the MoonBirds project and the Okay Bears NFT community, which has more than 150,000 Twitter followers, Narang found.
In one instance, scammers posed as a legal affairs reporter from the Age, an Australia-based news service, asking users to visit a suspicious link in order to claim a small amount of the virtual currency Ethereum, according to the research. Intruders also appear to have temporarily taken over the Twitter page of a freelance journalist who covers the gaming industry and created profiles that appear similar to real ones, according to the findings.
The imposter Twitter accounts have typically encouraged followers to visit specific links, or download new apps, Narang said. Those apps often persuade users to provide access to their mobile cryptocurrency wallets, from which the attackers can quickly extract funds. Each of the fraudsters’ pages, whether an
Read more on moneycontrol.com