No, Elon Musk was not in the U.S. Presidential Debate

Cybercriminals exploited the U.S. presidential debate to run cryptocurrency scams built on deepfake videos of prominent personalities such as Elon Musk and Donald Trump. Victims were misled into thinking they could win cryptocurrency prizes by investing during the streamed event, which ran on hijacked YouTube channels to gain visibility and credibility. The campaign shows that cybercriminals continue to leverage current events and advanced technologies for financial gain.

Affected: victims of cryptocurrency scams, YouTube users

Key points:

  • Cybercriminals used the U.S. presidential debate as bait for cryptocurrency scams.
  • Deepfake videos claimed to feature Elon Musk and Donald Trump in a debate against Kamala Harris.
  • The streaming occurred on hijacked YouTube channels with significant followings.
  • Scam videos included QR codes linked to fraudulent cryptocurrency domains.
  • Scammers adopted deepfake technology to enhance the legitimacy of their claims.
  • Threat actors employed ‘stream-jacking’ to hijack popular YouTube channels.
  • The participating channels were altered to look like official Tesla channels.
  • Users were manipulated to believe they could invest in cryptocurrency and win prizes.
  • Potential victims were deceived into sending funds to criminal crypto wallet addresses.
  • Proactive measures, such as blocking suspicious domains, are critical to mitigating these threats.

MITRE Techniques:

  • T1071.001 – Application Layer Protocol: The threat actors used application layer protocols to stream manipulated videos.
  • T1583.001 – Acquire Infrastructure: The actors hijacked existing YouTube channels for their malicious activities.
  • T1584.001 – Compromise Accounts: Stream-jacking involved exploiting accounts with large numbers of subscribers for deception.
  • T1494.001 – Resource Hijacking: The campaign leveraged the influence of high-traffic channels to amplify scam visibility.
  • T1070.004 – Indicator Removal on Host: Cybercriminals used methods to hide their activities and maintain operation.

Indicators of Compromise:

  • [Domain] debate[.]gift
  • [Domain] trump-debate[.]com
  • [Domain] tesladebate[.]com
  • [Domain] eth23[.]io
  • [Domain] chaindrop[.]promo
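
One way to act on the domain-blocking recommendation with the indicators above, as an added example that is not part of the original report: it refangs the listed domains, flags matching queries in a resolver log, and emits RPZ-style block records. The log format, timestamps and client addresses are constructed for illustration.

```python
# Defanged indicators copied from the IoC list above.
DEFANGED_IOCS = ["debate[.]gift", "trump-debate[.]com", "tesladebate[.]com",
                 "eth23[.]io", "chaindrop[.]promo"]

def refang(indicator):
    """Turn a defanged domain (example[.]com) into a normalized hostname."""
    return indicator.replace("[.]", ".").strip().rstrip(".").lower()

BLOCKED = {refang(i) for i in DEFANGED_IOCS}

def matched_ioc(qname):
    """Return the IoC that qname equals or is a subdomain of, else None."""
    labels = qname.strip().rstrip(".").lower().split(".")
    # Compare whole-label suffixes so 'nottesladebate.com' does not match.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED:
            return candidate
    return None

# Constructed sample resolver log: "<timestamp> <client> <qname> <qtype>"
SAMPLE_LOG = """\
2024-01-01T21:03:11Z 10.0.4.17 www.youtube.com. A
2024-01-01T21:03:15Z 10.0.4.17 tesladebate.com. A
2024-01-01T21:03:16Z 10.0.4.22 Claim.ETH23.io. AAAA
2024-01-01T21:04:02Z 10.0.4.31 nottesladebate.com. A
2024-01-01T21:04:40Z 10.0.4.22 debate.gift.example.org. A
"""

def scan(log_text):
    """Return (timestamp, client, qname, ioc) for each query that hits an IoC."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        ioc = matched_ioc(fields[2])
        if ioc:
            hits.append((fields[0], fields[1], fields[2], ioc))
    return hits

def rpz_records():
    """RPZ records that return NXDOMAIN for each IoC and its subdomains."""
    return [rec for d in sorted(BLOCKED) for rec in (f"{d} CNAME .", f"*.{d} CNAME .")]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("HIT", *hit)
    print("\n".join(rpz_records()))
```

Matching on whole labels catches subdomains of the listed domains while leaving lookalike names and unrelated zones that merely contain an indicator string alone.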

Full Story: https://blogs.infoblox.com/threat-intelligence/no-elon-musk-was-not-in-the-us-presidential-debate/