The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack. As first spotted by crypto fraud investigator ZachXBT, the profile contained a link to a Telegram channel with 14,000 members, further pushing visitors to join a fake Bloomberg Discord server with 33,968 members. A scammer seized the old Telegram username during this transition. Exploiting the fact that Bloomberg's previous Telegram link remained active, the scammer used it today as part of a phishing scheme. "Join the Bloomberg Crypto Discord Server! Check out the Bloomberg Crypto community on Discord - hang out with 33975 other members and enjoy free voice and text chat." Upon entering the Discord server, a bot prompts visitors to use AltDentifier, an authentic Discord Verification Bot. The "Bloomberg Crypto staff team" gives visitors 30 minutes to go to this site and complete the verification process. After clicking the link to 'verify' their account, the potential victims are prompted by the AltDentifiers phishing website to verify with Discord, aiming to steal their Discord login credentials. "The server administrators have implemented additional security measures on this server, which include the requirement for all accounts to verify their Discord account," the phishing site says. "Once your account is successfully verified, you will be able to freely participate in the server. Please note that administrators have the authority to override the system if necessary." The malicious link was removed from the Bloomberg Crypto X/Twitter account 30 minutes after ZachXBT's initial tweet. As many crypto communities reside on Discord, threat actors commonly attempt to steal credentials for accounts that frequent such servers. These hijacked accounts can then be used to promote cryptocurrency scams designed to steal users' cryptocurrency assets while appearing to be from a legitimate source. A Bloomberg spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today. Update: Revised the article to reflect that Bloomberg's Crypto account led to an old abandoned Telegram channel, hijacked as part of a phishing scheme. FBI shares tactics of notorious Scattered Spider hacker collective. Fraudsters make $50,000 a day by spoofing crypto researchers. Police takes down BulletProftLink large-scale phishing provider. Phishing-as-a-service operation uses double theft to boost profits.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000