A new wave of crypto scams has emerged, with attackers using fake X accounts to impersonate popular influencers and lure unsuspecting users into fraudulent Telegram groups.

Users are then manipulated into installing malware that compromises crypto wallet data.

Scammers Moving Beyond Simple Phishing Scams

According to blockchain security firm Scam Sniffer, the scammers comment on legitimate posts, enticing users with offers of exclusive investment insights and “alpha” tips. Once individuals join these Telegram groups, they are immediately prompted to undergo a verification process via a bot called OfficiaISafeguardBot.

The bot creates a false sense of urgency and pushes users to quickly complete the verification. However, this seemingly harmless step is a trap – by completing the verification, the bot injects malicious PowerShell code into the user’s clipboard. When executed, the code downloads malware designed to compromise the system and steal sensitive data, including crypto wallet information.

Scam Sniffer said that the malware has been flagged by VirusTotal as harmful, and previous instances of similar attacks have resulted in private key theft, leading to significant financial losses.

“This represents a new evolution in crypto scams – moving beyond simple phishing to combine social engineering with malware. Stay vigilant and share this to protect others.”

Rampant Scams

Last month, Casa CEO Nick Neuman shared a harrowing tale of a phishing scam that targeted him. In a post on X, Neuman described a call he received from a scammer pretending to be a Coinbase support agent. The scammer claimed that Neuman’s password change request had been canceled and encouraged him to click on a link in a suspicious email.

When Neuman started questioning the scammer, they dropped the act and revealed the operation’s true nature. The scammer bragged about having recently stolen $35,000 from a victim and made it clear that the scam targets only ri