Authored by: Vallabh Chole and Yerko Grbic
On July 23rd, 2023, Elon Musk announced that the social networking site Twitter was rebranding as “X”. The news propelled Twitter and X into the headlines and made them the top trending topics on popular social media platforms.
Scammers pounced on this opportunity and started renaming various hacked YouTube and other social media accounts to “twitter-x” and “twitter fund” to promote scam links with the new X branding.

Figure 1. Twitter-X-themed YouTube Live Stream by scammer

Figure 2. Twitter X Crypto Scam
This type of scam has been active for some time and uses an innovative approach to lure victims. To make the scam look more authentic, attackers target well-known influencers with sponsorship emails that contain password-stealing malware as email attachments. When the password stealer is executed, the influencer’s session cookies (unique access tokens) are stolen and uploaded to attacker-controlled systems.

Figure 3. Malware Flow Chart
After the influencer’s account has been compromised, the scammer starts to rename channels, in this case to “Twitter CEO”, and then starts to live stream an Elon Musk video on YouTube. They post web links to new scam sites in chat, and target YouTube accounts with a large number of subscribers. On other social media platforms, such as Instagram and Twitter, they use compromised accounts to follow users and post screenshots with captions such as “Thanks Mr.Elon”. If we look for these terms on Instagram, we observe thousands of similar posts. Compromised accounts are also used to post videos for software/game applications, which are malware masquerading as legitimate software or games. These videos demonstrate how to download and execute the files, which are common password-stealing malware distributed through compromised social media accounts.
Protection with McAfee+:
McAfee+ provides all-in-one online protection for your identity, privacy, and security. With McAfee+, you’ll feel safer online because you’ll have the tools, guidance, and support to take the steps to be safer online. McAfee protects against these types of scam sites with Web Advisor protection that detects malicious websites.

Figure 4. McAfee WebAdvisor detection
Below is a detection heatmap for scam URLs targeting twitter-x and promoting crypto scams.

Figure 5. Scam URL Detection Heatmap

Figure 6. Password stealer Heatmap
Indicators of Compromise:
| Scam Site | Crypto Type | Wallet |
| --- | --- | --- |
| twitter-x[.]org | ETH | 0xB1706fc3671115432eC9a997F802aC79CD7f378a |
| twitter-x[.]org | BTC | 1KtgaAjBETdcXiAdGsXJMePT4AEGWqtsug |
| twitter-x[.]org | USDT | 0xB1706fc3671115432eC9a997F802aC79CD7f378a |
| twitter-x[.]org | DOGE | DLCmD43eZ6hPxZVzc8C7eUL4w8TNrBMw9J |
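
One way to put these indicators to work, as an added example that is not part of the original post or McAfee's tooling: parse the table rows, refang the domain, and flag proxy log lines that hit the scam site, one of its subdomains, or a listed wallet, without matching lookalike hosts. The function names, the log format and the sample log lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# IoC rows copied from the table on this page (defanged domain, coin, wallet).
IOC_ROWS = """\
| twitter-x[.]org | ETH | 0xB1706fc3671115432eC9a997F802aC79CD7f378a |
| twitter-x[.]org | BTC | 1KtgaAjBETdcXiAdGsXJMePT4AEGWqtsug |
| twitter-x[.]org | USDT | 0xB1706fc3671115432eC9a997F802aC79CD7f378a |
| twitter-x[.]org | DOGE | DLCmD43eZ6hPxZVzc8C7eUL4w8TNrBMw9J |
"""

def load_iocs(table):
    """Return (refanged domains, wallet addresses) parsed from pipe-table rows."""
    domains, wallets = set(), set()
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) >= 3:
            domains.add(cells[0].replace("[.]", ".").lower())
            wallets.add(cells[2])
    return domains, wallets

def host_of(url):
    """Normalised hostname; tolerates URLs logged without a scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def match_log(lines, domains, wallets):
    """Return (line_no, reason) for hits on an IoC domain, its subdomains, or a wallet."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        host = host_of(fields[2]) if len(fields) > 2 else ""
        if any(host == d or host.endswith("." + d) for d in domains):
            hits.append((n, "domain:" + host))
        elif any(w in line for w in wallets):
            hits.append((n, "wallet"))
    return hits

# Constructed proxy log lines (assumed format: "<timestamp> <client> <url>").
BAD = "twitter-x[.]org".replace("[.]", ".")  # refanged only at run time
SAMPLE_LOG = [
    f"2023-07-25T10:01:02Z 10.0.0.5 https://{BAD}/",
    f"2023-07-25T10:01:09Z 10.0.0.7 http://WWW.{BAD.upper()}./",
    f"2023-07-25T10:02:11Z 10.0.0.8 https://not{BAD}/",
    f"2023-07-25T10:02:30Z 10.0.0.9 https://{BAD}.example.net/a",
    "2023-07-25T10:03:00Z 10.0.0.9 https://pay.example.net/?to=1KtgaAjBETdcXiAdGsXJMePT4AEGWqtsug",
]

if __name__ == "__main__":
    print(match_log(SAMPLE_LOG, *load_iocs(IOC_ROWS)))
```

Lines 3 and 4 of the sample are lookalike hosts that a plain substring search would flag; the suffix comparison on the parsed hostname leaves them out.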
