The anti-fraud platform Web3 Scam Sniffer has identified a new strategy for crypto scammers targeting Telegram users. In a post on X, the platform noted that these attackers are now using fake Telegram groups and impersonating cryptocurrency individuals.
According to Scam Sniffer, cryptocurrency attackers rely heavily on the Telegram Safeguard Bot scam to access users’ devices and steal funds. They create fake X (formerly Twitter) accounts that pose as crypto influencers.
They use these fictitious accounts to comment on legitimate posts, inviting users to join their Telegram groups where they share alpha and ideas. However, users who join these groups are immediately prompted to verify the fake OfficialSafeguardBot.
Any user running the check will unwittingly add malicious PowerShell code to their clipboard. When the command is executed, it downloads and manages malware that can compromise devices and crypto wallets. SlowMist founder Yu Xian, better known as Cos, noted that the malware is a Trojan horse. He said:
“When you run this Powershell command, more sophisticated malicious Powershell code will be secretly downloaded and eventually the Remcos remote control trojan will be implanted into your computer, thus compromising your computer.”
Kos further explained that there is another Telegram Safeguard scam where hackers trick users into revealing their account information. The scam attempts to hack Telegram users’ accounts by asking for their mobile phone numbers or requiring them to scan a QR code and provide their login code and two-step verification password, allowing it to take full control of the account.
Fake crypto accounts are growing by X again
Meanwhile, the prevalence of scams on Telegram has also led to a rise in the number of fake cryptocurrency accounts on Twitter over the past few days. ScamSniffer reported that its monitoring systems detected an average of more than 300 fake accounts daily over the past week.
This represents a significant jump from the 160+ average for November and highlights the return of the fake accounts problem on X (formerly Twitter). While the issue seemed to be resolved earlier this year, the recovery in cryptocurrency prices has also led to an increase in cryptocurrency copycats, indicating a correlation between the two.
The number of X imitations increased significantly between November 29 and early December, when Bitcoin surged past the $100,000 mark. However, they now appear to have declined, just as Bitcoin and other major assets have also recorded price corrections.
These fake accounts have already become millions of unsuspecting victims who clicked on malicious links. Scam Sniffer reported that two victims recently lost over $3 million due to these malicious links. Several other victims also lost funds after clicking on phishing comments from fake accounts under Pudgy Penguins tweets.
Interestingly, scammers don’t just create fake accounts; they also compromise popular accounts to promote crypto scams.
Scam Sniffer recommended several protection tips, including avoiding unknown links and software, checking official channels, and being careful with any time-sensitive scan. As the anti-fraud body noted, cryptocurrency scams continue to evolve beyond simple phishing and it is important to remain vigilant.
A step-by-step system for starting your Web3 career and landing a high-paying cryptocurrency job in 90 days.
