The official Twitter account of Microsoft India, which has over 211,000 followers, was hijacked by cryptocurrency scammers who impersonated Roaring Kitty, the famous handle used by infamous meme-stock trader Keith Gill.
The scam is effective because it runs from Microsoft India’s X account, which carries a gold check as an officially verified organisation on the site. The threat actors also use Gill’s recent resurgence as bait to hit potential victims with cryptocurrency wallet drainer malware.
The attackers’ primary method is to reply to tweets from Microsoft India’s hijacked account, prompting the company’s followers and other users on X to visit a malicious website (presaIe-roaringkitty[.]com) that reportedly allows customers to buy GameStop (GME) cryptocurrency as part of an alleged presale.
However, the threat actors take the assets of anyone who links a cryptocurrency wallet to the website and allows transactions with the drainer service.
The Roaring Kitty scam has also leveraged bots to spread its campaign.
The perpetrators of the Roaring Kitty scam have also used numerous bot accounts to retweet the hijacked account’s tweets. This tactic is intended to artificially expand the reach of the malicious content and lure even more victims.
In recent months, X users have been the target of a significant wave of account hijackings, with verified organisations falling victim to hacks that promote cryptocurrency fraud and wallet drainers.
The SEC’s account was recently compromised in a similar way through a SIM-swapping attack. The stolen account was then used to post a false announcement concerning the anticipated approval of Bitcoin exchange-traded funds (ETFs) on securities exchanges, which pushed up Bitcoin's value.
X’s safety team eventually blamed the breach on a SIM-swapping attack that hijacked a phone number linked to the SECGov account. They noted that the SEC’s account did not have 2FA enabled at the time of the incident.
Since the beginning of the year, threat actors have been increasingly targeting verified government and company X accounts with ‘gold’ and ‘grey’ checkmarks to increase the legitimacy of malicious tweets that lure users to phishing sites that promote cryptocurrency frauds or distribute crypto drainers.
Hence, X users are constantly exposed to fraudulent cryptocurrency adverts, which can lead to scams, bogus airdrops, and cryptocurrency and NFT drainers.