Hackers are increasingly targeting verified accounts on X belonging to government and business profiles and marked with 'gold' and 'grey' checkmarks to promote cryptocurrency scams.
A recent high-profile case is the X account of cyber threat intelligence company Mandiant, a Google subsidiary, which was hijacked yesterday to distribute a fake airdrop that emptied cryptocurrency wallets.
In the past couple of days alone, MHT has posted about the accounts of Canadian senator Amina Gerba, nonprofit consortium 'The Green Grid,' and Brazilian politician Ubiratan Sanderson falling into the hands of hackers.
A gold checkmark attached to an account on X indicates an official organization/company, while the grey badge marks profiles representing a government organization or an official.
Both types of accounts need to meet specific eligibility requirements.
By contrast, the blue checks are given to any user paying for an X Premium subscription.
A recent report from CloudSEK, a digital risk monitoring platform, highlights the emergence of a new black market where hackers sell compromised gold and grey X accounts for prices between $1,200 and $2,000.
Some sellers also provide the option to add scam accounts as affiliates to the verified gold accounts for $500, lending them credibility without having to go through the more rigorous verification process from the social media platform.
CloudSEK says it observed six sales of such accounts in a month.
One of them, dormant since 2016 and with 28,000 followers, was advertised for $2,500.
Researchers recommend that companies close dormant accounts if they have been inactive for a long period.
Reviewing the security settings and activating the two-factor authentication option is also recommended.
It is also worth checking what apps are connected to the account as well as the log of active sessions on other devices.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 04 Jan 2024 18:40:43 +0000