Authored by: Vallabh Chole and Yerko Grbic
On July 23, 2023, Elon Musk announced that the social networking site Twitter was rebranding as “X”. The news propelled Twitter and X into the headlines and made them the top trending topics on popular social media platforms.
Scammers pounced on this opportunity and started renaming various hacked YouTube and other social media accounts to “twitter-x” and “twitter fund” to promote scam links with the new X branding.
Figure 1. Twitter-X-themed YouTube Live Stream by scammer
Figure 2. Twitter X Crypto Scam
This type of scam has been active for some time and uses an innovative approach to lure victims. To make the scam look more authentic, attackers target well-known influencers with sponsorship emails that contain password-stealing malware as email attachments. When the password-stealer malware is executed, the influencer’s session cookies (unique access tokens) are stolen and uploaded to attacker-controlled systems.
Figure 3. Malware Flow Chart
After the influencer’s account has been compromised, the scammer begins to rename channels, in this case to “Twitter CEO”, and then starts to live stream an Elon Musk video on YouTube. The scammers post web links for new scam sites in chat, and target YouTube accounts with a large number of subscribers. On other social media platforms, such as Instagram and Twitter, they use compromised accounts to follow users and post screenshots with captions such as “Thanks Mr.Elon”. If we look for these phrases on Instagram, we observe hundreds of related posts. Compromised accounts are also used to post videos for software/game applications, which are malware masquerading as legitimate software or games. These videos demonstrate how to download and execute the files, which are common password-stealing malware distributed via compromised social media accounts.
Protection with McAfee+:
McAfee+ provides all-in-one online protection for your identity, privacy, and security. With McAfee+, you’ll feel safer online because you’ll have the tools, guidance, and support to take the steps to be safer online. McAfee protects against these types of scam sites with Web Advisor protection that detects malicious websites.
Figure 4. McAfee WebAdvisor detection
Below is a detection heatmap for scam URLs targeting twitter-x and promoting crypto scams.
Figure 5. Scam URL Detection Heatmap
Figure 6. Password stealer Heatmap
Indicators of Compromise:
Scam Site | Crypto Type | Wallet
twitter-x[.]org | ETH | 0xB1706fc3671115432eC9a997F802aC79CD7f378a
twitter-x[.]org | BTC | 1KtgaAjBETdcXiAdGsXJMePT4AEGWqtsug
twitter-x[.]org | USDT | 0xB1706fc3671115432eC9a997F802aC79CD7f378a
twitter-x[.]org | DOGE | DLCmD43eZ6hPxZVzc8C7eUL4w8TNrBMw9J
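
One way to use these indicators when moderating live-stream chat or comments is sketched below in Python. This is an added example, not McAfee's code or part of the original post; the function names are hypothetical and the chat lines are constructed samples.

```python
import re
# IoC rows as listed in the table on this page (site | coin | wallet).
IOC_TABLE = """
twitter-x[.]org | ETH | 0xB1706fc3671115432eC9a997F802aC79CD7f378a
twitter-x[.]org | BTC | 1KtgaAjBETdcXiAdGsXJMePT4AEGWqtsug
twitter-x[.]org | USDT | 0xB1706fc3671115432eC9a997F802aC79CD7f378a
twitter-x[.]org | DOGE | DLCmD43eZ6hPxZVzc8C7eUL4w8TNrBMw9J
"""
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
WALLET_RE = re.compile(r"\b(0x[0-9a-fA-F]{40}|[13D][1-9A-HJ-NP-Za-km-z]{25,34})\b")

def refang(text):
    """Undo common defanging so defanged and live forms compare equal."""
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.I)
    return re.sub(r"hxxp", "http", text, flags=re.I)

def wallet_key(addr):
    # 0x addresses are hex (case-insensitive); Base58 BTC/DOGE addresses are case-sensitive.
    return addr.lower() if addr.lower().startswith("0x") else addr

def load_iocs(table):
    domains, wallets = set(), {}
    for row in table.strip().splitlines():
        site, coin, wallet = [cell.strip() for cell in row.split("|")][:3]
        domains.add(refang(site).lower())
        wallets.setdefault(wallet_key(wallet), set()).add(coin)
    return domains, wallets

DOMAINS, WALLETS = load_iocs(IOC_TABLE)
def scan(message, domains=DOMAINS, wallets=WALLETS):
    """Return (kind, value) hits for listed domains or wallets found in one message."""
    clean, hits = refang(message), []
    for host in HOST_RE.findall(clean):
        host = host.lower()
        # Match the listed domain or a subdomain of it, never a mere substring.
        if any(host == d or host.endswith("." + d) for d in domains):
            hits.append(("domain", host))
    for addr in WALLET_RE.findall(clean):
        if wallet_key(addr) in wallets:
            hits.append(("wallet", addr))
    return hits

# Constructed chat lines (not real data), kept defanged; live links match the same way.
SAMPLE_CHAT = [
    "Giveaway is live, claim at hxxps://www.twitter-x[.]org/ now",
    "send ETH to 0xb1706fc3671115432ec9a997f802ac79cd7f378a to double it",
    "mirror at twitter-x[.]org[.]example[.]com",   # lookalike host, not listed
    "great stream, thanks for the Twitter news",
]
```

Because the ETH and USDT rows share one address, the loader keeps three distinct wallets, and matching on the host suffix avoids flagging unrelated hosts that merely contain the listed domain as a prefix.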