Scammers Hijack 15,000 Twitter Accounts for Crypto Fraud

Cryptocurrency scammers are getting more creative to convince potential victims to part with their money. Recently, the security community was shocked when a team of researchers discovered the existence of a sophisticated botnet on Twitter which was used as a comprehensive tool for spreading a cryptocurrency scam.

The botnet was discovered by a team of researchers from security firm Duo Security. The team was doing research on how to identify Twitter account automation and was reviewing the tweets of around 88 million accounts in an effort to study how bots operate.

The researchers used machine learning and other data science techniques to analyze close to half a billion tweets to uncover the structure of botnets. As a result, they discovered the botnet, comprised of more than 15,000 bots.

What is a Twitter bot?

Most people might not exactly know what a Twitter bot is, but virtually anyone who maintains an account with the popular social media platform has likely interacted with one. Simply put, a Twitter bot is just software designed to do a specific task. This automated software is a tool for easier management of social media accounts and is especially useful for large organizations.

Malicious use of such bots has been highlighted by recent media reports. For instance, Russian Twitter bots were used in trying to influence US election results. Bots are also sometimes used to spread false information, rig online surveys, and even inflate social media metrics.

Not All Bots are Dangerous

Conversely, there are a host of legitimate uses for automating Twitter accounts; companies often use them to manage their social media accounts. Some legitimate bots automate the handling of customer responses, others are used to schedule the release of online content. Benign Twitter bots can do everything from answering frequently asked questions to providing flight information.

The Cryptocurrency Scam Botnet

The botnet involved in the cryptocurrency scam discovered by the Duo Security researchers is significant in scale. According to the firm’s report, the botnet is composed of more than 15,000 fake accounts managed by bots.

To maintain a veneer of credibility, the scam created spoofed versions of legitimate cryptocurrency-affiliated Twitter accounts. These spoofed or fake accounts would mimic the originals by copying the profile pictures and imitating the names of the legitimate accounts.

These fake crypto-related accounts would then post a reply to a tweet sent out by the legitimate Twitter accounts. The reply would contain a link to a cryptocurrency giveaway, and victims were fooled into clicking the link, thinking that it was shared by the legitimate Twitter account.

The scam botnet was able to avoid automated detection for so long by employing increasingly sophisticated techniques. For instance, the bots would use Unicode characters in tweets instead of traditional ASCII characters, add spaces between words and punctuation to introduce some variance to the tweets, and edit their profile pics to modify them slightly from the original account’s pictures.
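From the detection side, the text-level evasions described above (Unicode look-alike characters, extra spaces around words and punctuation) can be undone by canonicalizing each reply before comparing replies across accounts. The Python sketch below is an added example, not code from the Duo Security research; the look-alike table is a small illustrative subset, and the account names and tweet wording are constructed.

```python
import re
import unicodedata
from collections import defaultdict

# Hand-picked Cyrillic look-alikes mapped to Latin. Assumption: illustrative
# subset only; a real pipeline would load Unicode's full confusables data.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s",
})

def canonicalize(text: str) -> str:
    """Reduce tweet text to a form that survives the evasions described above."""
    # NFKD folds full-width and other compatibility letters to ASCII and
    # splits accented letters into base letter + combining mark.
    text = unicodedata.normalize("NFKD", text)
    text = "".join(ch for ch in text if unicodedata.category(ch) != "Mn")
    text = text.casefold().translate(CONFUSABLES)
    # Drop spaces and punctuation so "ETH !" and "ETH!" compare equal.
    return re.sub(r"[^a-z0-9]", "", text)

def cluster_replies(replies, min_accounts=2):
    """Return canonical texts posted by at least min_accounts distinct accounts."""
    groups = defaultdict(set)
    for account, text in replies:
        key = canonicalize(text)
        if key:  # skip text with no Latin letters or digits left
            groups[key].add(account)
    return {key: sorted(accts) for key, accts in groups.items()
            if len(accts) >= min_accounts}

# Constructed sample replies; account names and wording are made up.
SAMPLE = [
    ("acct_a", "We are giving away 500 ETH to our followers!"),
    # Cyrillic e/a/o swapped in, extra space before the punctuation.
    ("acct_b", "W\u0435 ar\u0435 giving \u0430way 500 ETH t\u043e \u043eur "
               "f\u043ell\u043ew\u0435rs !"),
    # Full-width letters in "giving", doubled spaces.
    ("acct_c", "We are \uff47\uff49\uff56\uff49\uff4e\uff47  away 500 ETH "
               "to our followers !"),
    ("acct_d", "Flight 117 is delayed by 20 minutes."),
]

if __name__ == "__main__":
    for key, accounts in cluster_replies(SAMPLE).items():
        print(len(accounts), "accounts posted:", key, accounts)
```

Exact matching on the canonical form only catches replies that differ by these specific tricks; reworded variants would need a fuzzy comparison on top of the same normalization.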

Fake Twitter Accounts Involved in Crypto Scams on The Rise

Fake Twitter accounts promoting various types of crypto scams have been plaguing the platform for months now. Scammers have been impersonating famous personalities such as Elon Musk, Warren Buffett, and even Ethereum co-founder Vitalik Buterin, using their names to ask for a small amount of crypto while promising substantial future returns.

Even Britain’s Financial Conduct Authority (FCA) recently issued a warning that crypto scammers using social media platforms such as Twitter are on the rise. According to the FCA, these scammers are now trying to entice victims by using fake celebrity endorsements to sweeten the deal. Clicking on the links contained in these endorsements will redirect potential victims to a professional-looking site offering various crypto-related products.

Faced with increasingly sophisticated cybercriminals, it pays to be vigilant, especially when making online transactions. Always check whether the Twitter account has been verified and how long it has been in use. Avoid links when possible; navigate to the company web page yourself. In addition, always be wary if the promotion seems unrealistic. If the deal sounds too good to be true, then it probably is.

 

Cryptojacking: A Guide to the Latest Threat in Town

If you think you’ve been consuming web content for free without signing up for a subscription or by disabling ads, you could be in for a big surprise. As it turns out, some websites make you pay for your use whether you’re agreeable to it, or even aware of it. How exactly? By employing cryptojacking, the latest malware fad to hit unsuspecting victims everywhere. Cryptojacking is defined as the unauthorized use of computing resources for the purpose of mining cryptocurrency.


Why cryptojacking is on the rise

Bitcoin, currently the most widely-circulated of these digital currencies, reached a record high value of more than $19,000 (per coin) in December 2017. It has been on the decline since then, presently valued at roughly $6,000.00.

These prices are nothing to scoff at, especially since malicious actors can get away with mining cryptocurrencies for free. Despite heavy fluctuations in value, the cryptocurrency market isn’t going away any time soon.

It’s therefore no surprise that cryptocurrency mining scripts have been making the rounds across thousands of websites. As an illicit means of generating revenue, cybercriminals have found cryptojacking to be a worthy alternative to ransomware because it’s easier to deploy, requires no interaction with the victims, and can remain undetected for a long time.

How cryptojacking works

There is no central bank that mints these virtual currencies like your regular banknotes and coins. Instead, cryptocurrencies are generated or mined when a computer solves complex math puzzles, adding to the constantly growing “blockchain,” essentially infinite bits of decentralized information. The hardware that contributed to the transaction gets a sort of miner’s fee in the form of that block’s coin.

While a detailed explanation of blockchain technology and cryptomining merits a separate article altogether, suffice it to say that mining for cryptocurrency can be a very profitable endeavor. To have a computer perform cryptomining in secret, hackers use one of two methods: loading cryptomining code onto the victim’s computer, or injecting a mining script into a website or an ad that circulates across numerous websites.

In the first method, the hacker relies on phishing techniques to load the code onto a target computer. The owner receives a legitimate-looking email and is encouraged to click a link to initiate or complete a certain process. Instead of the expected transaction, the victim unwittingly installs a program that secretly mines digital currencies.

Using JavaScript on a website as described in the second method is commonly referred to as in-browser cryptojacking. There’s really no getting around it because as soon as you load a page, the mining code begins to run. No opt-ins are required, and no installations are needed.

While websites most often deploy in-browser cryptojacking to earn the money they can’t generate with just online advertising, hackers usually make use of both methods to maximize their earning potential.

 

Should you be worried?

It’s worth noting that unlike other security threats, cryptojacking doesn’t cause any obvious and immediate damage to the host computer or to the data stored therein. Once cryptojacking scripts get to work, however, they do affect the computer’s performance adversely by hijacking processing power.

Over time, the constant and intense mining can eventually take its toll on the victim’s device, not to mention driving up one’s electricity bill. According to a widely-cited website that tracks relevant cryptocurrency developments, the electricity used in a single Bitcoin transaction could power about 30 US households for a day. Other examples liken it to energy that could boil 36,000 water-filled kettles. Note that these comparisons are solely for Bitcoin transactions which are known to demand the most high-powered computing resources.

Falling victim to cryptojacking schemes is something that should be cause for concern. The degree to which this affects the victim, however, depends on the amount of processing power one actually contributes. For the average computer user, having a slower computer and a slightly higher electric bill could be no more than a minor annoyance or even considered a fair trade for being able to access free content.

For an organization with numerous devices connected to their network, the collective illegal usage of company devices could add up to a significant amount of resource and power costs. The lowered productivity for employees who are bogged down by poorly-performing computers, and the added manpower costs for IT personnel who need to track down and troubleshoot the performance issues should also be considered. Of course, the primary concern is the unauthorized usage of your property and the potential for more malicious malware being installed.

 

If you’d like to learn about how our DNS Security Solutions can help identify and prevent cryptojacking, visit us at http://www.defintel.com