A sophisticated new method to scam crypto users has been discovered on Telegram, where potential victims are targeted through fake groups.
Crypto security specialist Scam Sniffer claims that attackers are impersonating crypto influencers while using malicious bots for verification.
"This represents a new evolution in crypto scams – moving beyond simple phishing to combine social engineering with malware," they said.
Here’s how this scheme works.
Scammers create fake accounts pretending to be popular crypto influencers. Then, they comment on legitimate posts on social media to invite unsuspecting users to "exclusive" Telegram groups, enticing them with promises of profitable investment insights.
Once inside, users are required to verify themselves via a fake bot, "OfficiaISafeguardBot," which places malicious PowerShell code on the user's clipboard.
"When executed, it downloads and runs malware that can compromise your system and crypto wallets," Scam Sniffer explained, adding that VirusTotal, a service for analyzing suspicious files, domains, IPs, and URLs, has already flagged this malware as malicious.
The security specialist reported numerous recent cases in which similar malware led to private key theft, allowing criminals to access victims' crypto assets.
However, no loss estimates have yet been provided.
According to the report's authors, the following steps may help protect against such attacks: never executing unknown commands, thoroughly verifying official channels, being wary of time-pressured verification, using a hardware wallet, refraining from running arbitrary code, and not installing unknown software.
In a related story, a pseudonymous crypto trader, Diego, shared how he was "fully drained," offering another warning to stay vigilant when interacting online. According to Diego, he was scammed after engaging with "a guy whose account seemed perfectly legitimate, @0xAlpha_Wolf," who tricked him into downloading malware that stole all his funds.
Despite running the software through antivirus and deactivating all wallet extensions in his browser, Diego was unable to protect his assets.