Security firm SlowMist has issued a warning about a wave of crypto thefts orchestrated by fake journalists.
In a recent Medium post, the company said the first instance of this malicious campaign was reported on October 14 when a Twitter user named Masiwei alerted the community about a targeted attack on friend.tech for account theft.
SlowMist’s security team conducted an analysis and discovered that the attackers were sending links containing malicious JavaScript.
The goal was to trick users into adding these links as bookmarks, laying the groundwork for future malicious activities.
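Because the lure described above depends on a `javascript:` link being saved as a bookmark, one defensive check is to audit saved bookmarks for that scheme. The following is an added example, not code from SlowMist or the original article; it assumes a Chromium-style `Bookmarks` JSON file, and the sample data and the `SIGNALS` list are constructed for illustration.

```python
import json
import sys
from urllib.parse import unquote

# Substrings suggesting a bookmarklet touches session data or the network.
# Illustrative list (an assumption of this example), not taken from the report.
SIGNALS = ("localstorage", "sessionstorage", "document.cookie",
           "fetch(", "xmlhttprequest", "createelement")

# Constructed sample in the Chromium "Bookmarks" layout; the javascript: bodies are inert.
SAMPLE = {"roots": {
    "bookmark_bar": {"type": "folder", "name": "Bookmarks bar", "children": [
        {"type": "url", "name": "friend.tech", "url": "https://friend.tech/"},
        {"type": "url", "name": "Verify", "url": "JavaScript:void(document.cookie)"},
        {"type": "folder", "name": "Press", "children": [
            {"type": "url", "name": "Interview form",
             "url": " javascript:void(localStorage.getItem(%27k%27))"}]}]},
    "other": {"type": "folder", "name": "Other bookmarks", "children": []},
    "sync_transaction_version": "1"}}


def walk(node, path=""):
    """Yield (folder_path, name, url) for every URL node below `node`."""
    if node.get("type") == "url":
        yield path, node.get("name", ""), node.get("url", "")
    here = f"{path}/{node.get('name', '')}"
    for child in node.get("children", []):
        yield from walk(child, here)


def audit_bookmarks(data):
    """Return one finding per bookmark whose target is a javascript: URI."""
    findings = []
    for root in data.get("roots", {}).values():
        if not isinstance(root, dict):  # skip scalar metadata entries
            continue
        for folder, name, url in walk(root):
            code = unquote(url).strip().lower()  # undo %-encoding, case, padding
            if code.startswith("javascript:"):
                hits = sorted(s for s in SIGNALS if s in code)
                findings.append({"folder": folder, "name": name, "signals": hits})
    return findings


if __name__ == "__main__":
    # Pass the path to a profile's Bookmarks file, or run with no argument for the sample.
    data = json.load(open(sys.argv[1], encoding="utf-8")) if len(sys.argv) > 1 else SAMPLE
    for f in audit_bookmarks(data):
        print(f"{f['folder']}/{f['name']}: javascript: bookmark, signals={f['signals']}")
```

Any `javascript:` bookmark the user does not remember creating deserves review; the signal list only helps prioritise which ones to read first.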
Shortly after, on October 17, a victim named Double Wan reported that their assets on friend.tech were stolen.
“The SlowMist Security Team immediately assisted the victim in tracking and investigating the theft. Through the efforts of the SlowMist team and the cooperation of OKX, the stolen funds were successfully intercepted,” the report said.
In order to pull off the hack, the attackers posed as journalists from reputable news agencies and even managed to accumulate a substantial following on Twitter.
They then targeted their victims with malicious JavaScript. The attackers focused on Key Opinion Leaders (KOLs) as their primary targets, banking on their popularity and the likelihood of receiving interview invitations.
Once an interview was scheduled, the attackers would guide the victims to join the conversation on Telegram, providing an interview outline to establish credibility.
After the interview concluded, the attackers would ask the victims to fill out a form and open a phishing link they provided.
This link, under the guise of verification, aimed to deceive users into revealing their friend.tech account