Skip to content

Cryptocurrency scam runs amok on Microsoft India’s X account

  • by
  • 2 min read

The official Microsoft India account, boasting over 211,000 followers and the coveted gold verification checkmark, was recently hijacked by cryptocurrency scammers. Masquerading as notorious meme stock trader ‘Roaring Kitty’ (Keith Gill), the imposters exploit Gill’s recent return to the scent to lure unsuspecting victims.

The attackers directed users to a malicious website, presale-roaringkitty[.]com, which promises a ‘GameStop (GME) crypto presale.’ Security researchers warn that the site harbours ‘wallet drainer’ malware, designed to steal cryptocurrency from unsuspecting users who connect their wallets, reports Bleeping Computer.

This incident is just one example of a broader trend. Verified accounts of organisations like the U.S. Securities and Exchange Commission (@SECGov) have also been compromised.

In the SEC case, a ‘SIM-swapping’ attack allowed hackers to post a fake announcement regarding Bitcoin ETF approval, causing a temporary price spike. Notably, the SEC account lacked basic two-factor authentication (2FA) security, leaving it vulnerable.

Hacked Microsoft India X account.

The list of compromised accounts extends beyond government agencies. Tech companies like Netgear, CertiK, a Web3 security firm, and Hyundai MEA have all fallen victim to similar attacks promoting crypto scams and wallet drainers.

In January 2024, Mandiant’s X account was hacked and cyber crooks used it to promote a crypto scam.

Cybersecurity experts highlight a concerning pattern. Attackers target verified accounts with ‘gold’ and ‘grey’ checkmarks. These verification badges lend legitimacy to malicious tweets, making them appear more trustworthy.

X users face a constant barrage of cryptocurrency-related scams, fake airdrops, and wallet drainers within the platform. This latest campaign adds another layer of complexity, making it even harder to distinguish genuine content from phishing attempts.

The hijacking of the Microsoft India account serves as a stark reminder that even verified accounts on social media platforms can be compromised. Cybersecurity experts warn users not to trust verified accounts and to double-check links before clicking on them. Users are also advised to use common sense while opting for investment in schemes that look too promising.

In the News: Internal Google docs expose years of mishandled user data across various platforms

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

>