The official Netgear and Hyundai MEA Twitter/X accounts are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware.
While Hyundai has already regained access to its account and has cleaned up the timeline of all links pointing X users to malicious websites, Netgear has yet to regain control of its account, with some of the attacker's tweet replies still available.
Netgear's account has been hijacked since at least January 6th and was only used to reply to BRCapp tweets, luring followers to a malicious website promising to give the first 1,000 newly registered users $100,000.
Anyone who connected their wallets to the site would have had their assets and NFTs stolen by the threat actors.
Netgear and Hyundai spokespersons were not immediately available for comment when contacted by BleepingComputer earlier today.
Hackers are increasingly targeting and compromising verified government and business X accounts with 'gold' and 'grey' checkmarks to add legitimacy to their malicious tweets pushing cryptocurrency scams, phishing sites, and sites dropping crypto drainers.
The X account of web3 security firm CertiK was hacked to push a crypto drainer on Friday, while the account of Google subsidiary and cybersecurity firm Mandiant was hijacked on Wednesday, although it had two-factor authentication toggled on.
Previously, scammers used the official Twitter account for Bloomberg Crypto to lure its almost 1 million followers to a malicious website designed to steal their Discord credentials.
As blockchain threat analysts at ScamSniffer revealed in December, a single wallet drainer known as 'MS Drainer' stole roughly $59 million worth of cryptocurrency from 63k people in a Twitter ad push between March and November.
X users are also under a constant barrage of malicious cryptocurrency ads redirecting to fake airdrops, various scams, and, of course, crypto drainers.
Since X says it shows ads based on each user's interests, those not linked to other cryptocurrency accounts may not see these malicious ads.
Those in the crypto space are now besieged by what looks like a never-ending torrent of such malicious ads, as BleepingComputer reported over the weekend.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 08 Jan 2024 21:10:27 +0000