Reading Time
~ 2 minutes
Spread the Word

A huge cryptocurrency scam botnet was identified on Twitter. Users should be cautious.

A group of researchers has discovered a botnet that copycats the Twitter accounts and shares scam cryptocurrency giveaways. According to ITPro, the research was done by Duo Security, which during the May-July period tracked 88 million Twitter accounts using specific technologies to search and analyze malicious bots within the social media portal.

Comprised of at least 15,000 bots in a three-tiered hierarchical structure, a team of Duo Security researchers observed how the crypto-scam botnet worked to spread a fake ‘cryptocurrency giveaway’, and evolved over time to remain undetected,” wrote ITPo.

How it works

The researchers created a presentation on the mechanism behind the botnet that was shown yesterday at the 2018 Black Hat cybersecurity event. According to the Duo team, the first step is to create a copycat profile for a crypto-related account. The original name and picture are taken intact and added to the fake account.

Further on, bots are posting fake cryptocurrency giveaways, and to seem more plausible, they add comments from real accounts, including a scam link that would attract more victims.

This is not all- yet. The huge botnet also uses “amplification bots“, which are other fake profiles meant to give “likes” to false accounts’ tweets in order to “artificially inflate the tweet’s popularity [and] make the cryptocurrency scam appear legitimate.”

“[Searching for connected bots] resulted in a 3 tiered botnet structure consisting of the scam publishing bots, the hub accounts (if any) the bots were following, and the amplification bots that like each created tweet. The mapping shows that the amplification bots like tweets from both clusters, binding them together.”

The team identified a way that “can result in the unraveling of the entire botnet“. The researchers also added in their report that the crypto scam botnets are still live and can only be detected by “straightforward analysis.”

We don’t consider the problem solved,” the team claimed.

Following this research, Duo Security intends to release a mechanism that will discover scam bots and aid “keep Twitter and other social networks a place for healthy online discussion and community.”

Notice: The information in this article and the links provided are for general information purposes only and should not constitute any financial or investment advice. We advise you to do your own research or consult a professional before making financial decisions. Please acknowledge that we are not responsible for any loss caused by any information present on this website.