2024-12-11 10:10

- The use of fake Telegram verification bots to inject malware has led to a surge in cryptocurrency theft cases
- Fraudulent schemes doubled in December, and users are warned to remain vigilant about security
[Unblock Media] Malware using fake Telegram verification bots to steal cryptocurrencies is on the rise. Scam Sniffer reports that this combination of scam tactics is unprecedented. This detailed examination reveals how cryptocurrency scammers are using social engineering and fake Telegram verification bots to inject malware into systems.
This scam technique begins with fake Telegram accounts impersonating well-known cryptocurrency influencers. According to Scam Sniffer, the number of such fake accounts has surged during the end-of-year trading season, nearly doubling in December compared to November. These fake accounts invite users to Telegram groups, promising investment insights, and once users join the group, they are required to undergo a verification process through a fake bot called "OfficiaISafeguardBot." This verification bot creates an artificial sense of urgency to complete the process quickly.
The verification bot actually injects malicious PowerShell code, which downloads and executes malware that compromises computer systems and cryptocurrency wallets. Scam Sniffer reports multiple instances of personal keys being stolen due to this malware from late 2022 to early 2023. Scam Sniffer confirmed that all recent known cases of this scam involved the fake verification bot.
Scam Sniffer states, “It’s unclear if there are other malicious bots, but it’s easy for them to impersonate others.” They also explain that the infrastructure to inject malware into users is rapidly evolving and "becoming very sophisticated." As successful cases of this scam increase and demand grows, it is likely that scammers could evolve this method into a service model. This evolution has been seen before with similar malicious activities, such as the recently emerged Scam-as-a-Service model, where phishing scammers can rent software to steal cryptocurrency wallets.
Additionally, Scam Sniffer points to an increase in painful scams on Telegram recently. The promotion of fake links and tokens is rising, with around 300 such impersonation accounts detected daily, a significant increase from the average of 160 in November. At least two victims have suffered losses exceeding $3 million due to clicking on malicious links and signing transactions.
Furthermore, Cado Security Labs has warned that Web3 workers are being targeted by campaigns using fake meeting apps to steal credentials and cryptocurrency wallets. This campaign has already resulted in numerous victims, with losses expected to be in the millions of dollars. Similarly, Web3 security platform Cyvers has warned of a surge in phishing attacks in December, exploiting the increased online transactions during the holiday season.
These growing attempts to steal cryptocurrencies through various forms of malware underline the need for users to be more vigilant and security-conscious.