Microsoft India’s X account was hacked in the Roaring Kitty crypto scam
Microsoft India’s official Twitter account, with over 211,000 followers, was hacked by cryptocurrency scammers to impersonate Roaring Kitty, the pseudonym used by well-known meme stock trader Keith Gill.
The Microsoft India X account has a gold checkmark as an officially verified organization on the platform, lending more legitimacy to the hijackers’ posts.
Threat actors are taking advantage of Gill’s recent resurgence to lure potential victims and infect them with malware that drains cryptocurrency wallets.
Now they’re using the compromised Microsoft India account to reply to tweets, luring the company’s followers and other people on X to a malicious website (presaIe-roaringkitty[.]com) that would supposedly allow them to buy GameStop (GME) cryptocurrencies as part of a so-called pre-sale.
Phishing site sent via compromised Microsoft India X account (BleepingComputer)
However, the threat actors steal the assets of anyone who connects a cryptocurrency wallet to the site and authorizes transactions to the drainer service.
Many bot accounts are now also retweeting tweets from hacked accounts, a tactic designed to artificially increase the reach of malicious posts and snare even more victims.
In recent months, X users have been targeted by a massive wave of account takeovers, with verified organizations falling victim to attacks that promote cryptocurrency scams and wallet drainers.
The U.S. Securities and Exchange Commission’s @SECGov account was also compromised after a SIM swap attack. The compromised account was later used to post a false announcement about the long-awaited approval of Bitcoin exchange-traded funds (ETFs) on stock exchanges, causing a temporary increase in Bitcoin prices.
X’s security team later attributed the breach to a SIM swap attack that took control of a phone number associated with the @SECGov account, pointing out that the SEC account did not have two-factor authentication (2FA) enabled at the time of the hack.
Previously, the X accounts of Netgear and Hyundai MEA were also hacked to promote sites designed to push crypto wallet drainers, while the account of Web3 security company CertiK was also compromised days before for similar malicious purposes.
Since the beginning of the year, threat actors have increasingly targeted verified government and corporate X accounts with “gold” and “grey” checkmarks to lend credibility to tweets that redirect users to phishing sites promoting cryptocurrency scams or spreading cryptocurrency drainers.
X users also face an incessant barrage of malicious cryptocurrency ads leading to scams, fake airdrops, and drainers of cryptocurrencies and NFTs.
According to blockchain threat experts at ScamSniffer, an X ad campaign used a unique wallet drainer known as “MS Drainer” to steal approximately $59 million in cryptocurrency from 63,000 people between March and November.