Cybercriminals are abusing X advertisements to promote websites that lead to crypto drainers, fake airdrops, and other scams.
Like all advertising platforms, X, formerly known as Twitter, claims to show advertisements based on a user's activity, leading to ads that match users' interests.
While Elon had previously tweeted that YouTube is nonstop scam ads, X appears to have its own problem, increasingly showing advertisements promoting cryptocurrency scams.
These scams include links to Telegram channels promoting pump and dumps, phishing pages, and links to sites hosting crypto drainers, which are malicious scripts that steal all the assets in a connected wallet.
As X shows advertisements based on users' interests, those not involved in cryptocurrency may not see these ads.
Those who frequent the space are now bombarded by what appears to be an endless stream of malicious ads.
The researcher has been posting screenshots of X ads containing crypto scams, almost all coming from verified users.
It has gotten so bad that other X users must leave community notes on ads to warn others that they are scams or wallet drainers.
Last month, ScamSniffer reported that a cryptocurrency drainer named 'MS Drainer' that is promoted in Google Search and X advertisements, had stolen $59 million from 63,210 victims over nine months.
On X, the threat actors created advertisements that pretended to be a limited-edition NFT collection called Ordinals Bubbles, fake airdrops, and new token launches.
It's unclear what vetting process X has in place to prevent these ads, but many users are frustrated that there is not much scrutiny on what ads are allowed to run on the site.
Bloomberg reported last month that X's ad revenue is projected to drop by $2.5 billion, an over 50% drop in revenue from 2022.
This has led X users to believe that Twitter is turning a blind eye to these malicious ads to bolster its dwindling advertising revenue.
BleepingComputer did not contact X about this story, as they have not responded to our previous press emails.
Web3 security firm CertiK's X account hacked to push crypto drainer.
Hackers hijack govt and business accounts on X for crypto scams.
Mandiant's account on X hacked to push cryptocurrency scam.
Crypto scammers abuse Twitter 'feature' to impersonate high-profile accounts.
Fraudsters make $50,000 a day by spoofing crypto researchers.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Sat, 06 Jan 2024 16:41:41 +0000