Cryptocurrency fraudsters use Telegram messenger to steal cryptocurrencies

Cryptocurrency fraudsters have stepped up their activities by using fake Telegram bots to verify identities. They introduce malware to steal cryptocurrencies. The attack starts with fake accounts on social network X (formerly Twitter) that pretend to be well-known crypto influencers. Fraudsters lure users into Telegram groups by promising investment advice.

In these groups, users are asked to verify themselves through a bot called OfficiaISafeguardBot. The bot creates a sense of urgency by demanding that the verification be completed within a limited time. As a result, the bot injects malicious PowerShell code that downloads and activates crypto wallet theft programs. Experts emphasize that all recently reported cases of fraud are related to this bot. Although it is not known whether other bots are being used, the growing sophistication of the infrastructure for such attacks is evident.

It is reported that an average of 300 fake accounts were detected daily in December, almost double the number compared to November. At least two victims lost more than $ 3 million through fake links and fraudulent transactions. In addition, Web3 employees are being targeted by fake meeting apps that introduce malware to steal credentials. Experts warn that the number of phishing attacks may increase in December due to the intensification of online transactions during the holiday season.