Spike in sale of hijacked X/Twitter Gold accounts triggers cyber threats; researchers warn of potential phishing and disinformation attacks. (IT World Canada)
A rise in cybercriminal activity has been observed, involving the sale of newly created or hijacked X/Twitter Gold check marked accounts. These accounts, highly sought after by threat actors, serve as a means to circulate malicious links camouflaged as trustworthy posts on the platform.
Researchers at CloudSEK, based in Singapore, have noted a surge in dark web advertisements vending X/Twitter Gold-verified accounts. Additionally, similar ads were detected on Telegram messaging channels, displaying a pattern akin to the aforementioned postings.
X/Twitter provides users the option to purchase Gold, Blue, and Grey verification badges for a monthly fee, enhancing brand credibility. Grey badges are specifically reserved for NGOs and governmental bodies.
The Gold accounts available on the dark web vary; some are new, allowing purchasers to rename and imitate a brand, while others were previously controlled by entities but were compromised through brute-force login attacks.
These illicitly sold accounts carry different price tags, ranging from an average of 30 cents for new accounts to $2,000 for aged accounts upgraded to Gold (all figures in U.S. currency). Prices are influenced by the account's existing followership.
According to CloudSEK, this underground market for Gold accounts has been active since last March, with an abundance of sellers and service providers offering these accounts. Identifying these vendors can often be achieved through basic Google Dork queries.
Researchers express concern over the potential surge in phishing and disinformation attacks following the increased availability of Gold accounts on the dark web.
Typically, buyers retain access to an account for 30 days—the standard subscription duration for X/Twitter Gold.
The impact of a stolen or fabricated Gold account is substantial. For instance, the report highlights an incident in September 2023 where a hacker infiltrated the account of Ethereum's co-founder, exploiting their vast following by posting deceptive messages and directing users to a fraudulent website. Within 20 minutes, the hackers managed to siphon off US$691,000 in digital assets before removing the misleading post.
Hackers predominantly target X/Twitter accounts of organizations, particularly those established before 2022, lying dormant or abandoned. By seizing these accounts through brute-force methods and modifying recovery details, hackers prevent the original owners from reclaiming control. Subsequently, the accounts are marketed as Gold for potential buyers.
Another tactic involves obtaining Twitter logins through malware designed to steal information. These logins are verified and advertised on hacker forums, ultimately sold as Gold accounts, sometimes as low as US$800.
To prevent abuse of X/Twitter accounts, organizations are advised to deactivate dormant accounts, enforce robust password practices, and monitor their feeds for signs of hacking activities, such as fake profiles, unauthorized listings, misleading ads, and malicious content.
