Close
Sections
Avast Blog Security news Scammers pose as crypto support on Twitter

Scammers pose as crypto support on Twitter

Avast Security News Team 10 Dec 2021

Plus, Messenger Kids pulls them in while Instagram tells kids to take a break

A crypto support bot scam discovered in May has now increased and widened its breadth of targeted cryptocurrency users. The way it works is that scammers monitor every tweet on Twitter for specific keywords, such as the crypto platform names “MetaMask,” “Phantom,” “Yoroi,” and “Trust Wallet,” as well as other words like “support,” “help,” and “assistance.” When such a tweet is detected, the scammer’s bot instantly replies to the user, offering false assistance and urging them to click a link. If the user falls for it, the scammer then works on the user, using social engineering to obtain the recovery phrase for the user’s cryptocurrency account. Once the scammer gets that, they steal that user’s cryptocurrency.

“Cryptocurrency is the cybercriminal’s preferred currency nowadays,” said Avast Security Evangelist Luis Corrons. “While traditional phishing scams went after users' online banking credentials, the process was messy, less anonymous, and needed to involve money mules. With cryptocurrency, however, everything is easier and way more anonymous. If they get their hands on a wallet recovery phrase, they can steal it and make it theirs instantly, and there is no way for the real owner to get his money back.” For more on this story, see Bleeping Computer

Messenger Kids gets an upgrade

Meta has announced that the child-friendly version of Meta Messenger, designed for kids 6-12, will be getting some new features in the coming weeks, including dark mode and voice effects. Dark mode has been available for the regular version of Messenger since 2019, but will now be made available for Messenger Kids. The new voice effects feature allows users to play with audio filters after they’ve recorded a voice message, giving them the option to sound like a robot, ghost, gorilla, mouse, or as if they’re talking into a seashell. For more on this story, see The Verge

Instagram “take-a-break” feature launches next week

The same week Instagram chief Adam Mosseri appeared before the U.S. Senate to answer questions about online safety, the company announced that its “take-a-break” feature will launch next week in the U.S., Canada, U.K., Ireland, Australia, and New Zealand. The feature prompts any user who has been scrolling for a certain amount of time to take a break from the platform, advising them to set reminders for future breaks as well. Teenage users will also be prompted to turn on break reminders, and a new feature coming in March 2022 will allow parents to see how much time their children spend on the app. For more details, see BBC News

One year later, Nobelium hackers still use formidable TTPs

Hackers associated with the SolarWinds hack last year have been observed continuing to use the same tactics, techniques, and procedures (TTPs) to hack into a large number of private databases as quickly as possible. The SolarWinds hack was a Kremlin-based operation that targeted network management provider SolarWinds, thereby gaining access to the networks belonging to 100 of its highest-profile customers, including U.S. federal agencies. Microsoft named the hacking group Nobelium, and some of its members are still currently active, now attacking cloud solution providers (CSPs) in order to gain access to their clients’ networks. For more, see Ars Technica

Life360 family app sells its users’ location data 

According to The Markup, popular family safety app Life360 sells precise location information on its 33 million users. “Through interviews with two former employees of the company, along with two individuals who formerly worked at location data brokers Cuebiq and X-Mode, The Markup discovered that the app acts as a firehose of data for a controversial industry that has operated in the shadows,” reads the report. It goes on to say that the raw location data captured by the app is highly valuable information and sold to about a dozen different data brokers. Life360 has been selling data since 2016, but CEO Chris Hulls said that the company does not sell to government agencies or law enforcement. 

This week’s ‘must-read’ on The Avast Blog

Throughout this year, cybercriminals continued to take advantage of the Covid-19 pandemic, exploiting people’s habits formed during lockdown to spread scams. Join us as we take a look at the most prominent security threats of 2021. 

Related articles

Mario movie malware might maliciously mess with your machine

The promise of a free movie download led thousands of people into unintended malware.

18 Jul 2023 min read

Unmasking malicious extensions: Avast detects new threats on the Chrome Web Store

Avast recently discovered a series of malicious browser extensions on the Chrome Web Store that are spreading adware and hijacked search results.

2 Jun 2023 min read

The rise and fall of ransomware: Insights from Avast's Q1/2023 Threat Report

Ransomware has been a prominent threat in cybersecurity for more than a decade, but the rates of incidents are showing slight decline. The Avast Q1/2023 Threat Report examines why.

2 Jun 2023 min read

Subscribe to our newsletter

Subscribe

Most popular

Video: Accept all cookies? A recipe for online privacy this holiday season

11 Dec 2023

How to use Discord’s ‘Family Center’ to help protect your child

24 Jul 2023

The hidden pitfalls of travel apps

13 Jul 2023

Avast researchers uncover disturbing crowdfunding scheme

28 Jun 2023

Your essential cybersecurity checklist for safe summer travel

14 Jun 2023
Logo Avast Footer

1988 - 2024 Copyright © Avast Software s.r.o. | Sitemap Privacy policy

--> -->