Cybersecurity company SlowMist analyzed social network X for malicious content.
Scam sleuths came to the conclusion that over 80% of comments under publications of well-known projects are related to phishing software.
In a report by SlowMist, scammers were found to be actively purchasing X accounts to use for scamming purposes. Users are usually sold in the Telegram messenger application, where there is an active market for this category of clients, experts claim.
According to the study, attackers are typically offered a wide selection of accounts, among which there are accounts similar to the profiles of well-known crypto projects. Such a “product” may have a different number of subscribers and a long date of registration on the platform.
After purchasing an account, scammers use advertising tools to increase trust on the social network. With their help, they increase the number of subscribers, likes and promote their profile on site X. Experts note that such services are offered not by the platform itself, but by third-party services, which often accept payment in crypto assets.
Next, the attackers disguise the profile as an existing project and involve bots that monitor the publications of the original account. As soon as a new post appears on the company’s account, the scammer’s product comments on it. As a result, the user gets the impression that the post is related to the previous publication.
Analysts have found that the vast majority of such comments are related to cryptocurrency projects. The links attached to them lead to sites with phishing software that allows you to steal user assets.
Using the MistTrack tool, analysts were able to track some addresses associated with scammers. Experts note that attackers often create an entire network to distribute malicious links.
According to Scam Sniffer, last year wallet drainers had stolen $295 million in cryptocurrencies from about 324,000 victims in 2023. The overall trend reveals an alarming escalation in the scale and sophistication of phishing attacks.