Crypto scammers shift focus to Telegram

Crypto scammers have significantly shifted their operations to Telegram, where malware scams have surged by 2,000% since November, according to the security firm Scam Sniffer.

In a January 15 post on X, Scam Sniffer emphasises that these scams have outpaced traditional phishing methods in volume.

Unlike the typical scams that involve users connecting their wallets to fraudulent sites, these new tactics involve distributing sophisticated malware through fake verification bots in various Telegram groups.

Scammers are utilising fake trading, airdrop, and alpha groups to lure victims.

Once users execute the malicious code or install the verification software, scammers can access sensitive information such as passwords, wallet files, clipboard data, and browser information.

Scam Sniffer identified at least two fake verification bots employed by these scammers: OfficiaISafeguardRobot and SafeguardsAuthenticationBot.

The firm noted that as users become more aware of signature scams, bad actors are adapting by employing malware tactics that provide broader access and create more complex loss tracking.

Scam Sniffer first raised concerns about Telegram malware scams in December after observing an increase in scammers impersonating popular crypto influencers and inviting users to Telegram groups with promises of investment insights.

Once users join these groups, they are prompted to verify their identity through a fake bot that injects crypto-stealing malware into their systems.

Another method involves using counterfeit Cloudflare verification pages to deploy malware by prompting users to copy and paste verification text that secretly injects malicious code into their clipboard.

In an update on January 4, Scam Sniffer reported that scammers had expanded their target base beyond influencers to include legitimate project communities with seemingly harmless invites.

This evolution in tactics suggests that scammers are responding to heightened user awareness regarding phishing links by leveraging more sophisticated social engineering techniques via Telegram bots.

Scam Sniffer emphasised the difficulty in measuring losses from malware attacks but noted that the significant shift in tactics indicates effectiveness.

Cado Security Labs also warned of similar scams targeting users through fake meeting apps designed to inject malware and steal credentials from various platforms.

According to the Cyvers 2024 Web3 Security Report, $2.3 billion worth of crypto was stolen across 165 incidents in 2024, marking a 40% increase from the previous year.

Despite this rise, December recorded the lowest losses for the year at approximately $29 million.