Beware New Scam Modus from Telegram Verification

Scammers are using clever tricks and fake Telegram verification bots to spread crypto-stealing malware, according to blockchain security firm Scam Sniffer. These tactics are part of a growing trend to compromise systems and drain cryptocurrency wallets.

How the Scam Works

In a post on Dec. 10, Scam Sniffer explained that scammers create fake social media accounts mimicking well-known crypto influencers. They use these accounts to lure victims into Telegram groups, promising valuable investment advice.

Once inside the group, users are asked to verify their identity through a bot called “OfficiaISafeguardBot.” This bot creates urgency by giving users a short time to complete verification. 

However, instead of verifying anything, the bot injects harmful PowerShell code into the user’s system. This code downloads malware that targets computers and crypto wallets, stealing private keys.

Scam Sniffer has identified several cases where similar malware has been used to empty wallets by stealing sensitive data.

Read more: Robert Kiyosaki’s Bitcoin Prediction: Crash to $60,000 But Could Reach to $500,000

Scam Trends

The company highlighted that all recent cases of this specific scam were linked to the fake verification bot. While it’s unclear if other malicious bots are involved, the ease of impersonation means more such scams could emerge.

Scam Sniffer also noted that malware targeting regular users has been around for years. However, the technology supporting these scams has become more advanced and professional, evolving into “scam-as-a-service.” This model allows scammers to sell their tools to other fraudsters, similar to how phishing kits operate.

This particular method of combining fake social media accounts, Telegram channels, and malicious bots is a new and worrying development.

Rising Threats in December

Scam Sniffer has observed a spike in impersonation scams on platforms like X (formerly Twitter). On average, it detects about 300 fake accounts daily in December, compared to 160 in November.

These fake accounts trick victims into clicking harmful links or signing fraudulent transactions. In some cases, victims have lost more than $3 million.

Cado Security Labs has also reported that Web3 employees are being targeted with fake meeting apps that inject malware to steal login details for websites, apps, and crypto wallets. 

Additionally, Web3 security platform Cyvers has warned of a potential rise in phishing scams during December as hackers exploit increased online activity ahead of the holiday season.