Sim-Swap Attack: Microsoft India’s X Account Falls Victim to Roaring Kitty Crypto Scam

TLDR

Microsoft India’s official X (Twitter) account, with over 211,000 followers, was hijacked by cryptocurrency scammers impersonating Roaring Kitty (Keith Gill).
The scammers used the hijacked account to promote a phishing site that claims to offer a presale of GameStop (GME) crypto, but instead steals victims’ cryptocurrency assets.
The incident may be the result of a SIM-swapping attack, targeting weaknesses in two-factor authentication.
Verified X accounts of major companies and crypto influencers have increasingly been targeted by scammers in 2024 to lure customers into fake promotions.
In December 2023, a wallet drainer named ‘MS Drainer’ reportedly stole $59 million from over 63,000 victims through Google Ads targeting counterfeit crypto platforms.

Microsoft India’s official X account fell victim to a cryptocurrency scam, with hackers impersonating the notorious meme stock trader Keith Gill, better known as Roaring Kitty.

The incident has raised concerns about the growing trend of verified accounts being targeted by scammers to promote fraudulent crypto schemes.

The Microsoft India account, which boasts over 211,000 followers and a gold checkmark indicating its status as an officially verified organization, was hijacked by the scammers.

They took advantage of Gill’s recent comeback to the public eye, which had a significant impact on GameStop (GME) stock prices, causing a 38.8% increase in shares for the year.

The hackers used the compromised account to post a series of videos featuring Roaring Kitty, along with links to a malicious website claiming to offer a presale of GameStop (GME) crypto.

Phishing site pushed via Microsoft India's hijacked X account (BleepingComputer) — Phishing site pushed via Microsoft India’s hijacked X account (BleepingComputer)

Unsuspecting users who connected their cryptocurrency wallets to the phishing site would have their assets stolen by the scammers through a wallet drainer.

Experts believe that the breach may have been the result of a SIM-swapping attack, a technique that exploits weaknesses in two-factor authentication.

This method involves scammers taking control of a phone number associated with the targeted account, allowing them to bypass security measures and gain unauthorized access.

The incident bears similarities to the hack of the U.S. Securities and Exchange Commission’s (SEC) X account in January, which was attributed to a SIM-swapping attack.

In that case, the compromised account was used to post a fake announcement about the approval of Bitcoin exchange-traded funds (ETFs), causing a temporary spike in Bitcoin prices.

The Microsoft India account hack is just one example of the growing trend of verified X accounts being targeted by scammers in 2024. Other high-profile victims include Netgear, Hyundai MEA, and the Web3 security firm CertiK. These attacks often involve the promotion of cryptocurrency scams, fake airdrops, and wallet drainers.

The increasing frequency of such incidents highlights the need for enhanced security measures and greater awareness among users. Companies and individuals must take steps to protect their accounts, such as enabling multi-factor authentication and being cautious of suspicious links and offers.

The popularity of cryptocurrency and the rise of decentralized finance (DeFi) have made the crypto space an attractive target for scammers.

In December 2023, a wallet drainer named ‘MS Drainer’ reportedly stole $59 million from over 63,000 victims through Google Ads that targeted counterfeit versions of popular crypto platforms.

As the Microsoft India account hack demonstrates, even well-established and verified accounts are not immune to these threats.

The post Sim-Swap Attack: Microsoft India’s X Account Falls Victim to Roaring Kitty Crypto Scam appeared first on Blockonomi.

from Blockonomi https://ift.tt/ikETIAv