Updates added below.
The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam.
“We’re conscious of the incident impacting the Mandiant X account and are working to resolve the problem,” a Mandiant spokesperson told BleepingComputer.
After gaining control of the account, the attacker renamed it to @phantomsolw and promoted a fake website impersonating the Phantom crypto wallet and promising to distribute free $PHNTM tokens as part of an airdrop.
In tests by BleepingComputer, those who click on the ‘Claim Airdrop’ button and do not have the Phantom wallet installed get redirected to the legitimate website, where they’re prompted to install it.
Once installed, it will try to automatically drain the targets’ cryptocurrency wallets. However, the Phantom wallet now warns that the scammers’ website is part of a phishing attack.
“Phantom believes this website is malicious and unsafe to use. We have disabled the ability to interact with it in order to protect you and your funds,” the warning says.
The threat actor behind this attack has since deleted the scam tweet and is now using the account to troll Mandiant, saying, “Sorry, change password please.” and “Examine bookmarks while you get account again.”
As shown in the screenshot above, the attacker retweeted posts from the official Phantom account, including ones advising users to “by no means rush into clicking hyperlinks,” likely to add legitimacy to future crypto-scam posts.
Mandiant’s original Twitter handle, @mandiant, now displays a “This account doesn’t exist. Try searching for another.” error message.
Update 1/3/24 9:49 ET: Mandiant has told BleepingComputer that they’ve regained control of the account on X and are currently working on restoring it.
However, at the time of this update, the username is still renamed to ‘@phantomsolw,’ likely due to Twitter restrictions on changing names too often.