Cryptocurrency scammers use Telegram to steal cryptocurrencies

Cryptocurrency scammers have stepped up their activity by using fake Telegram bots to verify identities. They are deploying malware to steal cryptocurrencies. The attack begins with fake accounts on the social network X (formerly Twitter) that pose as well-known crypto influencers. The scammers lure users into Telegram groups by promising investment advice.

In these groups, users are asked to undergo verification via a bot called OfficiaISafeguardBot. The bot creates a sense of urgency by requiring them to complete the verification within a limited time. As a result, the bot injects malicious PowerShell code that downloads and activates programs for stealing crypto wallets. Experts emphasize that all recently recorded cases of fraud are associated with this bot. While it is not known whether other bots are used, the increasing complexity of the infrastructure of such attacks is obvious.

It is reported that in December, an average of 300 fake accounts were detected daily, which is almost double the number compared to November. At least two victims lost more than $ 3 million due to fake links and fraudulent transactions. In addition, Web3 workers are being targeted by attacks through fake meeting apps that inject malware to steal credentials. Experts warn that the number of phishing attacks may increase in December due to the increase in online transactions during the holiday period.