New Twitter spam campaign steals users’ cryptocurrency

Kaspersky researchers have uncovered a new spam campaign spreading through direct messages on Twitter and stealing the cryptocurrency of affected users. Users are asked for help to withdraw hundreds of thousands of dollars from the crypto account of a stranger on Twitter. However, to help the stranger, victims are encouraged to create and pay for a VIP account on the scam domain, leading them to lose their coins.

Twitter is one of the most popular social networks in the world, with nearly 400 million active monthly users. Numerous users, who have never met in their lives, interact and exchange ideas, so a direct message received from a stranger may not initially come as much of a surprise to avid Twitter users.

In this message, a stranger asks for urgent help: he’s having trouble accessing his account on a cryptocurrency exchange, so he asks you to help him withdraw a certain amount of cryptocurrency from his wallet. In the message, he specifies the domain to enter, his username, password, and the amount of cryptocurrency in his wallet, often reaching hundreds of thousands of dollars. Kaspersky experts presume that the stranger could also promise victims a small amount of money in exchange for help with withdrawals. However, this is just a trap.

The stranger specifically wrote a domain with a space before the dot to bypass mail protection tools
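
The space-before-the-dot trick can be caught by rejoining the domain before filtering. The sketch below is an added example, not Kaspersky's code: the TLD list, the keyword list, the verdict names and the sample messages are all assumptions constructed for illustration.

```python
import re

# Assumption: short illustrative TLD list; a real filter would load the full public suffix list.
TLDS = "com|net|org|io|xyz|top|info|site|online|vip"

# Label, whitespace BEFORE the dot (the trick described above), optional whitespace after, TLD.
SPACED_DOMAIN = re.compile(
    rf"\b([a-z0-9](?:[a-z0-9-]{{0,61}}[a-z0-9])?)[ \t]+\.[ \t]*({TLDS})\b(?![\w-])",
    re.IGNORECASE,
)
# The lure hands over someone else's login details, so credential words raise the verdict.
CREDENTIAL_WORDS = re.compile(r"\b(user\s?name|login|password|pass)\b", re.IGNORECASE)


def find_spaced_domains(text):
    """Return each split domain rejoined the way a reader would type it."""
    return [f"{m.group(1)}.{m.group(2)}".lower() for m in SPACED_DOMAIN.finditer(text)]


def classify_dm(text):
    """Block a split domain sent together with credentials; send a split domain alone to review."""
    domains = find_spaced_domains(text)
    shares_credentials = bool(CREDENTIAL_WORDS.search(text))
    if domains and shares_credentials:
        verdict = "block"
    elif domains:
        verdict = "review"
    else:
        verdict = "allow"
    return {"verdict": verdict, "domains": domains}


# Constructed sample messages (reserved example domains, invented credentials).
SAMPLES = [
    "Please help me withdraw. Site: example .com username: jdoe password: hunter2 balance: 314,000 USDT",
    "Check out example .org when you have time",
    "Docs are at example.net. Net result: all good .",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_dm(sample))
```

The rejoined domain can then be passed to the same reputation or blocklist lookup used for ordinary links.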

By following the domain shared by the stranger, the victim ends up on a site claiming to be an investment platform. After entering the username and password they received, the user gets into the stranger’s account, which really does show the specified amount. Notably, the appearance of the site alone should already raise a potential victim’s suspicion: it is a poorly laid out page with a weak design, and its contact details consist only of an email address, with no names or photos of the platform’s creators.

The stranger’s account does show a six-figure sum of money, as he indicated in the message

To withdraw the currency, the victim is asked to provide their own wallet address, blockchain, and, surprisingly, an additional password. But the victim does not have this additional password. Thus, the platform offers the victim a way to transfer funds directly within the system, in which case the additional password is not needed – just create an account with VIP status, which costs a small sum of money.

As soon as a victim registers in the system and enters their crypto wallet data to pay for VIP status, the funds are stolen from their account. In a nutshell, the user is induced in one way or another to create a VIP account and pay for it, but gets nothing in exchange and only loses their coins.

The platform shows a bright instruction on how to create a VIP account

“We first discovered such a scheme where attackers pretend to be simpletons on Twitter and ask strangers to help them withdraw money from a cryptocurrency wallet in order to actually steal coins from the victim’s account,” said Andrey Kovtun, security expert at Kaspersky. “But this crypto scam, unfortunately, is far from the only example. Cryptocurrency remains an extremely hot topic for attackers, as more and more users open cryptocurrency wallets and convert their currencies into coins. Blockchain also allows attackers to steal funds from victims without leaving a trace, which doesn’t make things any better. We expect more and more other sophisticated examples of crypto scams to appear soon, so all users who use crypto should be aware of how to keep their accounts, wallets and coins secure.”

Learn more about the latest crypto threats and online scams on KDaily

To avoid falling victim to this spam campaign, Kaspersky recommends the following:

  • Be wary if the message is creating a sense of urgency. Spammers often try to apply pressure by creating a sense of urgency. For example, the subject line may contain words like “urgent” or “immediate action required” – to pressure you into acting.
  • Pay attention to how you react to spam messages. If you can avoid doing so, it’s best not to click on or open spam messages. When in doubt, be cautious by deleting messages you are unsure of. It’s an unsafe practice to reply to a spam message – doing so alerts the scammers that yours is a live email address and invites yet more spam. Don’t click on links or open attachments in spam emails to avoid downloading malware or falling victim to a phishing attack.
  • Even if a message or a letter came from one of your best friends, remember that their accounts could also have been hacked. Remain cautious in any situation. Even if a message seems friendly, treat links and attachments with caution.
  • Install a trusted security solution and follow its recommendations. Security solutions will then solve the majority of problems automatically and alert you if necessary.