Scammers use Telegram bots to inject malware and steal crypto

Scammers are increasingly employing fake Telegram verification bots to inject crypto-stealing malware into users' systems, according to blockchain security firm Scam Sniffer.

In a December 10 post on X, Scam Sniffer highlighted a new tactic where scammers create counterfeit accounts impersonating popular crypto influencers. 

These fake accounts invite users to join Telegram groups with promises of exclusive investment insights.

Once users join these groups, they are prompted to verify their identities through a malicious bot named “OfficiaISafeguardBot,” which creates a sense of urgency with short verification windows.

The bot then executes a malicious PowerShell code that downloads and runs malware designed to compromise computer systems and crypto wallets.

Scam Sniffer reported numerous cases where this type of malware has led to the theft of private keys from victims' wallets.

“This is the first time we’re seeing this specific combination of fake X accounts, fake Telegram channels, and malicious Telegram bots,” the firm noted.

While malware targeting regular users has been around for some time, Scam Sniffer indicated that the infrastructure supporting such attacks is rapidly evolving and becoming more sophisticated.

As scammers achieve successful heists, they often adapt their methods into a scam-as-a-service model, similar to how creators of wallet-draining software provide tools to phishing scammers.

The firm also observed a significant increase in impersonation scams on X, with an average of 300 impersonators detected daily in December, compared to 160 in November.

At least two victims have reported losses exceeding $3 million after interacting with these fraudulent accounts and clicking on malicious links.

In addition to these findings, Cado Security Labs has warned that Web3 workers are being targeted by campaigns using fake meeting applications to inject malware and steal credentials related to various platforms.

Similarly, the security platform Cyvers cautioned that phishing attacks could rise in December as hackers seek to exploit increased online transactions during the holiday season.