Scam Sniffer has observed a significant shift as crypto scammers move their activities to Telegram, where their new tactics are proving effective.
Initially identified in December, these Telegram malware scams have evolved, leading to a sharp increase in victims.
With a staggering 2,000% growth since November, these scams now surpass traditional phishing techniques in prevalence.
In a Jan. 15 X post, Scam Sniffer stated that the scams it detects go beyond the typical “connect wallet” tactics, in which scammers deceive users into linking their wallets to fraudulent websites, resulting in stolen funds.
Scammers now leverage fake verification bots to spread advanced malware in phony trading groups, airdrop groups, and alpha groups.
“Once you execute their code or install their verification software, they can access your passwords, scan for wallet files, monitor your clipboard, and steal browser data,” the firm said.
Scam Sniffer has detected two scam-related verification bots, OfficiaISafeguardRobot and SafeguardsAuthenticationBot.
Scam Sniffer stated that scammers have adjusted their tactics in response to users becoming more informed about signature scams.
Malware gives bad actors access to more data and makes the resulting financial losses harder to track.
After detecting a surge in fake X accounts impersonating prominent crypto figures and inviting users to Telegram groups with investment offers, the security firm issued its first warning about Telegram malware scams in December.
Users who join the group are asked to use a fake verification bot, which subsequently injects malware that steals private keys and raids crypto wallets.
Scammers also deploy malware through fake Cloudflare verification pages that trick users into copying verification text, which secretly loads the malware into the user's clipboard.
In its Jan. 4 update, Scam Sniffer revealed that scammers using these methods have shifted from impersonating influencers to targeting real project communities with “seemingly harmless invites.”
“This shift in tactics indicates scammers are adapting to increased user awareness about phishing links. Instead, they’re leveraging more sophisticated social engineering through Telegram bots,” the security firm said.
“Malware attack losses are nearly impossible to measure. But the massive shift in scammer tactics tells us one thing — it’s working,” it added.
Cado Security Labs flagged a similar scam in December, where bad actors used fake meeting apps to inject malware and steal login details for websites, apps, and crypto wallets.
The Cyvers 2024 Web3 Security Report, provided on Dec. 24, detailed that scammers took $2.3 billion in cryptocurrency across 165 incidents throughout the year. The theft in 2024 marked a 40% rise over 2023’s $1.69 billion, though it remains 37% down from the $3.78 billion stolen in 2022.
Two security firms noted that December recorded the smallest losses from hacks and scams for the year, reaching about $29 million.