A huge cryptocurrency scam botnet was identified on Twitter. Users should be cautious.
A group of researchers has discovered a botnet that impersonates Twitter accounts and shares scam cryptocurrency giveaways. According to ITPro, the research was done by Duo Security, which during the May-July period tracked 88 million Twitter accounts, using specific technologies to search for and analyze malicious bots on the social media platform.
“Comprised of at least 15,000 bots in a three-tiered hierarchical structure, a team of Duo Security researchers observed how the crypto-scam botnet worked to spread a fake ‘cryptocurrency giveaway’, and evolved over time to remain undetected,” wrote ITPro.
How it works
The researchers prepared a presentation on the mechanism behind the botnet, which was shown yesterday at the 2018 Black Hat cybersecurity event. According to the Duo team, the first step is to create a copycat profile of a crypto-related account. The original name and picture are copied unchanged and added to the fake account.
Next, the bots post fake cryptocurrency giveaways and, to seem more plausible, add comments from real accounts, including a scam link meant to attract more victims.
That is not all. The huge botnet also uses “amplification bots”, which are other fake profiles meant to give “likes” to the fake accounts’ tweets in order to “artificially inflate the tweet’s popularity [and] make the cryptocurrency scam appear legitimate.”
“[Searching for connected bots] resulted in a 3 tiered botnet structure consisting of the scam publishing bots, the hub accounts (if any) the bots were following, and the amplification bots that like each created tweet. The mapping shows that the amplification bots like tweets from both clusters, binding them together.”
The team identified a way that “can result in the unraveling of the entire botnet”. The researchers also added in their report that the crypto scam botnets are still live and can only be detected by “straightforward analysis.”
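The three-tier mapping described above can be sketched as a graph expansion over like and follow edges. This is an added example, not Duo Security's code: the account names and edges are constructed, the seed bots are assumed to be already identified, and the `min_shared` threshold is an assumption.

```python
from collections import defaultdict

# Constructed sample edges (account names are made up, not from the report).
LIKES = [  # (liker, author of the liked tweet)
    ("amp1", "scamA1"), ("amp1", "scamA2"), ("amp1", "scamB1"),
    ("amp2", "scamA1"), ("amp2", "scamA2"), ("amp2", "scamB1"), ("amp2", "scamB2"),
    ("amp3", "scamA2"), ("amp3", "scamB1"), ("amp3", "scamB2"),
    ("alice", "scamA1"), ("alice", "news_org"), ("bob", "news_org"),
]
FOLLOWS = [  # (follower, followed account)
    ("scamA1", "hubA"), ("scamA2", "hubA"),
    ("scamB1", "hubB"), ("scamB2", "hubB"),
    ("scamA1", "news_org"), ("alice", "news_org"),
]

def map_botnet(seeds, likes, follows, min_shared=2):
    """Expand known scam-publishing bots into the three tiers.

    min_shared is an assumed threshold: an account is only pulled in when
    it is tied to at least that many already-flagged accounts.
    """
    likes_of, liked_by, followers_of = defaultdict(set), defaultdict(set), defaultdict(set)
    for liker, author in likes:
        likes_of[liker].add(author)
        liked_by[author].add(liker)
    for follower, target in follows:
        followers_of[target].add(follower)

    publishers, amplifiers = set(seeds), set()
    while True:
        # Amplification bots: like tweets from several flagged publishers.
        new_amps = {a for a, liked in likes_of.items()
                    if len(liked & publishers) >= min_shared} - amplifiers
        amplifiers |= new_amps
        # Publishing bots: liked by several flagged amplification bots.
        new_pubs = {p for p, likers in liked_by.items()
                    if len(likers & amplifiers) >= min_shared} - publishers
        publishers |= new_pubs
        if not new_amps and not new_pubs:
            break
    # Hub accounts: followed by several flagged publishers.
    hubs = {h for h, followers in followers_of.items()
            if len(followers & publishers) >= min_shared}
    return {"publishers": publishers, "amplifiers": amplifiers, "hubs": hubs}

if __name__ == "__main__":
    for tier, accounts in map_botnet({"scamA1", "scamA2"}, LIKES, FOLLOWS).items():
        print(tier, sorted(accounts))
```

Seeding with two bots from cluster A pulls in cluster B through the shared amplification bots, while `alice`, `bob` and `news_org` stay out because each is tied to fewer than `min_shared` flagged accounts.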
“We don’t consider the problem solved,” the team claimed.
Following this research, Duo Security intends to release a mechanism that will discover scam bots and help “keep Twitter and other social networks a place for healthy online discussion and community.”