The official Microsoft India account on Twitter, with over 211,000 followers, was hijacked by cryptocurrency scammers to impersonate Roaring Kitty, the handle used by notorious meme stock trader Keith Gill.
Microsoft India’s X account has a gold check as an officially verified organization on the platform, lending the hijackers’ posts extra legitimacy.
The threat actors are taking advantage of Gill’s recent comeback to lure potential victims and infect them with cryptocurrency wallet drainer malware.
They’re now using Microsoft India’s hijacked account to reply to tweets, luring the company’s followers and other people on X to a malicious website (presaIe-roaringkitty[.]com) that would allegedly allow them to buy GameStop (GME) crypto as part of a so-called presale.
However, the threat actors would steal the assets of anyone who connects their cryptocurrency wallet to the site and authorizes transactions to the drainer service.
Many bot accounts are now also retweeting the hijacked account’s tweets, a tactic designed to artificially boost the malicious posts’ reach and attract even more victims.
In recent months, X users have been targeted in a massive wave of account hijacks, leading to verified organizations falling victim to hacks promoting cryptocurrency scams and wallet drainers.
The U.S. Securities and Exchange Commission’s @SECGov account was also compromised after a SIM-swapping attack. The compromised account was later used to post a fake announcement about the long-awaited approval of Bitcoin exchange-traded funds (ETFs) on security exchanges, causing a temporary spike in Bitcoin prices.
X’s Safety team later also attributed the breach to a SIM-swapping attack that hijacked a phone number associated with the @SECGov account, noting that the SEC’s account didn’t have two-factor authentication (2FA) enabled at the time of the hack.
Previously, the X accounts for Netgear and Hyundai MEA were also hacked to promote sites designed to push crypto wallet drainers, while the account of Web3 security firm CertiK was also compromised days earlier for similar malicious purposes.
Since the beginning of the year, threat actors have been increasingly targeting verified government and business X accounts with ‘gold’ and ‘gray’ checkmarks to lend credibility to tweets that redirect users to phishing sites that promote cryptocurrency scams or spread crypto drainers.
X users also face a constant barrage of malicious cryptocurrency ads, leading to scams, fake airdrops, and cryptocurrency and NFT drainers.
According to ScamSniffer blockchain threat experts, an X ad campaign used a single wallet drainer known as ‘MS Drainer’ to steal roughly $59 million worth of cryptocurrency from 63,000 people between March and November.