New Attack Exploits X/Twitter Ad URL Feature to Deceive Users

Silent Push analysts have uncovered a sophisticated social media scam campaign exploiting Twitter’s URL display vulnerabilities to promote fake cryptocurrency presales impersonating Apple. The operation involves hijacked URLs, metadata manipulation, and a network of malicious domains to deceive users and steal funds.
Affected: Twitter, User Accounts, Cryptocurrency Wallets

Key Points

  • The scam leverages Twitter’s URL handling process to display legitimate-looking links while redirecting users to malicious sites.
  • Attackers exploit URL metadata retrieval by configuring servers to redirect the platform’s bot to safe domains while victims land on scam pages.
  • Fake ads promote a counterfeit “Apple iToken,” involving forged endorsements and impersonation of Apple’s brand.
  • The campaign targets users with fake cryptocurrency presale offers that prompt account creation and fund transfers to numerous wallets.
  • Silent Push uncovered nearly 90 related domains, operated by the same threat actor group, linked through infrastructure fingerprints.
  • The operation employs secondary malicious domains and suspicious name servers to sustain the scam ecosystem.
  • The campaign highlights the need for improved URL validation and increased user awareness to prevent financial fraud on social media platforms.
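
As a detection aid for the redirect cloaking described in the key points above, the following added example (not from Silent Push or the original article) resolves one link twice, once as the preview crawler and once as a browser, and flags it when the two end on different hosts. The User-Agent strings, the `.example` URLs and the `sample_fetch` stand-in for the network are assumptions constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Assumed User-Agent strings; the article only says "the platform's bot".
CRAWLER_UA = "Twitterbot/1.0"
BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
REDIRECTS = (301, 302, 303, 307, 308)

def final_url(url, user_agent, fetch, max_hops=10):
    """Follow redirects as one client and return the URL that stops redirecting."""
    seen = set()
    for _ in range(max_hops):
        if url in seen:
            raise ValueError(f"redirect loop at {url}")
        seen.add(url)
        status, location = fetch(url, user_agent)
        if status not in REDIRECTS or not location:
            return url
        url = urljoin(url, location)  # Location may be relative
    raise ValueError("too many redirects")

def host(url):
    return (urlsplit(url).hostname or "").lower()

def check_cloaking(url, fetch):
    """Compare where the preview crawler and a browser land for the same link."""
    crawler_host = host(final_url(url, CRAWLER_UA, fetch))
    browser_host = host(final_url(url, BROWSER_UA, fetch))
    return {"crawler_host": crawler_host,
            "browser_host": browser_host,
            "cloaked": crawler_host != browser_host}

def sample_fetch(url, user_agent):
    """Constructed offline stand-in for an HTTP client: returns (status, Location)."""
    is_bot = "Twitterbot" in user_agent
    routes = {
        # Link that answers the crawler and the browser differently.
        "https://link.example/a": (302, "https://brand.example/" if is_bot else "/go"),
        "https://link.example/go": (302, "https://presale.example/join"),
        # Ordinary shortener: same target for every client.
        "https://link.example/b": (301, "https://news.example/story"),
    }
    return routes.get(url, (200, None))

if __name__ == "__main__":
    for link in ("https://link.example/a", "https://link.example/b"):
        print(link, check_cloaking(link, sample_fetch))
```

A host mismatch is a triage signal rather than proof of fraud, since legitimate sites also vary responses by client. In real use, `fetch` would issue requests with automatic redirect following disabled so each hop is recorded.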

Read More: https://gbhackers.com/new-attack-exploits-x-twitter-ad-url-feature/