Researchers Discover Huge Crypto Scam Botnet on Twitter
Researchers have uncovered a huge botnet that mimics legitimate accounts on Twitter to spread a cryptocurrency "giveaway" scam. The discovery was made during a research effort by Duo Security that looked at 88 million Twitter accounts from May to July and used machine learning to identify bots, malicious or otherwise, on the social media platform.

The team notably found a single network of over 15,000 bots, organized in a three-tiered structure, that spread the fake cryptocurrency giveaway and evolved over time to avoid detection. The Duo team described how the botnet works in a paper to be presented at the 2018 Black Hat cybersecurity event on Wednesday.

Typically, they write, bots first create a spoofed (or copycat) account of a genuine cryptocurrency-related account, copying the name and profile picture of the legitimate account. To spread the fake giveaway scam, the bots would then reply to tweets posted by the legitimate account, with the replies containing a link to entice Twitter users to the scam.

Adding to the complexity, many spoof accounts followed what the researchers termed "hub accounts", which the researchers suspect are followed "in an effort to appear legitimate". The botnet also employed "amplification bots" – other fake accounts that are used to give "likes" to scam tweets "to artificially inflate the tweet's popularity [and] make the cryptocurrency scam appear legitimate."