Authored by: Vallabh Chole and Yerko Grbic
On July twenty third, 2023, Elon Musk introduced that the social networking website, Twitter was rebranding as “X”. The information propelled Twitter and X to achieve headlines and develop into the highest trending subjects on widespread social media platforms.
Scammers pounced on this chance and began renaming numerous hacked YouTube and different social media accounts to “twitter-x” and “twitter fund” to advertise rip-off hyperlinks with new X branding.
Determine 1. Twitter-X-themed YouTube Stay Stream by scammer
Determine 2. Twitter X Crypto Rip-off
This kind of rip-off has been energetic for some time and makes use of an modern method to lure victims. To make this rip-off extra genuine, attackers goal well-known Influencers with sponsorship emails that include password-stealing malware as e mail attachments. When password stealer malware is executed, the influencer’s session cookies (distinctive entry tokens) are stolen and uploaded to attacker-controlled methods.
Determine 3. Malware Circulate Chart
After the influencer’s account has been compromised, the scammer begins to rename channels, on this case to “Twitter CEO” and then the scammers begin to dwell stream an Elon Musk video on YouTube. They submit internet hyperlinks for new rip-off websites in chat, and goal YouTube accounts with a giant variety of subscribers. On different social media platforms, corresponding to Instagram and Twitter, they use compromised accounts to observe customers and submit screenshots with captions, corresponding to “Thanks Mr.Elon”. If we bathroomok for these phrases on Instagram, we observe hundreds of comparable submits. Compromised accounts are additionally used to submit movies for software program/recreation purposes, that are malware masquerading as official software program or recreations. These movies display how you can obtain and execute files, that are frequent password-stealing malware, and distributed via compromised social media accounts.
Safety with McAfee+:
McAfee+ supplies all-in-one on-line safety in your identification, privateness, and safety. With McAfee+, you’ll really feel safer on-line since you’ll have the instruments, steering, and help to take the steps to be safer on-line. McAfee protects towards most of these rip-off websites with Net Advisor safety that detects malicious web sites.
Determine 4. McAfee WebAdvisor detection
Beneath is a detection heatmap for rip-off URL’s concentrating on twitter-x and selling crypto scams.
Determine 5. Rip-off URL Detection Heatmap
Determine 6. Password stealer Heatmap
Indicators of Compromise:
| Rip-off Website | Crypto Sort | Pockets | |
| twitter-x[.]org | ETH | 0xB1706fc3671115432eC9a997F802aC79CD7f378a | |
| twitter-x[.]org | BTC | 1KtgaAjBETdcXiAdGsXJMePT4AEGWqtsug | |
| twitter-x[.]org | USDT | 0xB1706fc3671115432eC9a997F802aC79CD7f378a | |
| twitter-x[.]org | DOGE | DLCmD43eZ6hPxZVzc8C7eUL4w8TNrBMw9J |
