Crypto Stars Targeted by Sneaky X Account Phishing Scam

A new phishing campaign is targeting X accounts of crypto personalities, using advanced methods that bypass two-factor authentication and look more credible than usual scams.
Crypto developer Zak Cole said in a post on X on Wednesday that the attack is happening right now.
It targets famous crypto figures, and an OnlyFans model also faced a simpler version of the attack. The scam uses X’s own system to trick people into giving full control of their accounts.
This scam does not try to steal passwords or use fake login pages. Instead, it uses X’s tools to take over accounts. Cole summed up the campaign: “Zero detection. Active right now. Full account takeover.” MetaMask security researcher Ohm Shah said he saw the attack “in the wild,” which means it is happening to more people than first thought.
The attack starts with a message on X that contains a link. The link appears to go to Google Calendar, and X generates a preview of it that makes it look real. In one case, the message pretended to come from a representative of Andreessen Horowitz, a big venture capital firm. The link actually goes to “x(.)ca-lendar(.)com,” which was registered on Saturday. Even so, the preview still shows the real Google Calendar website.

When people click the link, it redirects to X and asks them to grant app permissions. The app is called “Calendar,” but two of the letters are actually Cyrillic look-alikes, a trick that marks it as a fake app. The app asks for many permissions, like posting, deleting posts, changing the profile, following or unfollowing accounts, and more.
Cole said there is a hint for careful users: after giving permission, people are redirected to Calendly, not Google Calendar. He wrote, “Calendly? They spoofed Google Calendar, but redirect to Calendly? Major operational security failure. This inconsistency could tip off victims.”
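The look-alike app name described above can be flagged mechanically by checking which Unicode scripts its letters come from. The following is an added example, not code from the article or from X; the sample name with two Cyrillic "а" characters is constructed (the article does not say which letters were swapped), and the confusables table is a small constructed subset.

```python
import unicodedata

# Small constructed subset of Cyrillic letters that render like Latin ones.
# A production check would use the full Unicode confusables data (UTS #39).
CYRILLIC_TO_LATIN = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0410": "A", "\u0415": "E", "\u041e": "O", "\u0421": "C",
}

def script_of(ch):
    """Return a coarse script label taken from the Unicode character name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return "OTHER"

def inspect_app_name(app_name):
    """Report the scripts used by an app name's letters and its Latin skeleton."""
    letters = [(i, ch, script_of(ch))
               for i, ch in enumerate(app_name) if ch.isalpha()]
    scripts = {s for _, _, s in letters}
    # Map known look-alikes back to Latin to see what name is being imitated.
    skeleton = "".join(CYRILLIC_TO_LATIN.get(ch, ch) for ch in app_name)
    return {
        "mixed_script": len(scripts) > 1,
        "scripts": sorted(scripts),
        "non_latin": [(i, f"U+{ord(ch):04X}", unicodedata.name(ch))
                      for i, ch, s in letters if s != "LATIN"],
        "skeleton": skeleton,
        "imitates_ascii_name": skeleton != app_name and skeleton.isascii(),
    }

if __name__ == "__main__":
    # Constructed samples: a genuine ASCII name and a spoof with Cyrillic "а".
    for name in ["Calendar", "C\u0430lend\u0430r"]:
        print(repr(name), inspect_app_name(name))
```

A name whose letters mix scripts and whose skeleton collapses to a plain ASCII word is a strong signal to stop before granting any permissions on the consent screen.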