Scammers Exploit Telegram Verification Bots to Spread Crypto-Stealing Malware
Fake Telegram channels and bots combined with social engineering to target crypto wallets
Scammers have begun using Telegram verification bots to inject crypto-stealing malware into systems, a novel method combining fake Telegram channels, X accounts, and social engineering tactics. Blockchain security firm Scam Sniffer identified this new scam in a Dec. 10 X post, warning of its potential impact.
Scammers impersonate popular crypto influencers using fake X accounts to invite users into Telegram groups under the guise of sharing investment insights. Within these groups, users are instructed to verify their identities via “OfficiaISafeguardBot,” a fraudulent verification bot. The bot creates a false sense of urgency by limiting the verification window.
How the Scam Works
The fake bot injects malicious PowerShell code into victims’ systems, enabling the download and execution of malware that compromises computer systems and crypto wallets. Scam Sniffer reported several cases where similar malware was used to steal private keys.
All recent cases of this scam were linked to the fake verification bot, Scam Sniffer confirmed. While no other malicious bots have been detected yet, the firm noted the ease with which scammers could impersonate others to deploy similar tools.
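An added example, not from Scam Sniffer or the original article: the handle quoted above only reads as "Official" because a capital I stands in for a lowercase l, and this Python check flags handles whose watchwords appear only after such glyphs are folded. The glyph table, the watchword list, the trusted handle `ExampleVerifyBot` and all function names are assumptions constructed for illustration.

```python
# Glyphs that read as another character in common UI fonts (assumed, partial table).
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "0": "o"})

# Constructed watchlist of words a verification-bot impersonator may spell out.
WATCHWORDS = ("official", "safeguard", "verify", "wallet", "support")


def skeleton(handle):
    """Fold confusable glyphs to what the eye reads, then lowercase."""
    return handle.translate(CONFUSABLES).lower()


def hidden_words(handle):
    """Watchwords that appear only once confusable glyphs are folded."""
    literal = handle.lower()
    folded = skeleton(handle)
    return [w for w in WATCHWORDS if w in folded and w not in literal]


def review_handle(handle, trusted):
    """Classify a handle as 'trusted', 'lookalike', 'deceptive' or 'unknown'."""
    handle = handle.lstrip("@")
    # Telegram resolves usernames case-insensitively, so compare lowercased.
    if handle.lower() in {t.lower() for t in trusted}:
        return "trusted"
    # Same visual skeleton as a trusted handle, but a different account.
    if skeleton(handle) in {skeleton(t) for t in trusted}:
        return "lookalike"
    # Spells a watchword only through substituted glyphs.
    if hidden_words(handle):
        return "deceptive"
    return "unknown"


if __name__ == "__main__":
    trusted = {"ExampleVerifyBot"}  # constructed allowlist, not a real bot
    for h in ("@OfficiaISafeguardBot", "ExampIeVerifyBot",
              "exampleverifybot", "WeatherBot"):
        print(h, "->", review_handle(h, trusted), hidden_words(h.lstrip("@")))
```

A "deceptive" or "lookalike" result is a reason to stop and confirm the handle through a channel the group's real operators control before interacting with the bot.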
The infrastructure supporting such malicious software is evolving rapidly, becoming increasingly sophisticated. Scam Sniffer described the phenomenon as a shift towards “scam-as-a-service,” akin to how crypto wallet-draining software developers lease tools to phishing scammers.
Rising Crypto Scam Trends
Scam Sniffer highlighted that this combination of fake X accounts, Telegram channels, and malicious bots marks the first instance of such a scam. Additionally, impersonation scams on X have surged, with an average of 300 impersonator accounts detected daily this month, compared to 160 in November.
At least two victims have reportedly lost over $3 million after clicking malicious links and signing transactions from fake accounts.
In related developments, Cado Security Labs flagged fake meeting apps targeting Web3 workers to steal credentials and crypto wallets. Web3 security platform Cyvers also cautioned that phishing attacks are likely to rise in December as hackers exploit increased online activity during the holiday season.