When we refer to hijacked verified profiles on Twitter, it’s most commonly some sort of Elon Musk themed scam. The hijackers compromise the account, switch the picture to Elon, and then start spamming cryptocurrency links. Alternatively, they may keep the account as it is and spam images claiming Elon has approved a giveaway or something similar.
Well, times have changed on the big blue bird app. Whisper it, but Elon tributes may no longer be the hottest way on the block to earn some scam money. Instead, we’re seeing verified profiles compromised to promote and sell NFTs instead.
Forging a new career in pixel art
At some point on Thursday a verified profile belonging to Siobhán McSweeney, well known Irish actor, started to behave a little unusually. That is to say, promoting a range of pixel art cats known as “GrumpyKatz”.
The tweet reads as follows:
I am working with @grumpykatznfts to giveaway 15 SOL ($1500)
- Follow me & @GrumpyKatzNFT
- Like & RT
- Tag 3 friends
We don’t know if the linked pixel art project is “genuine” or not, as there’s very little to go on from the profile itself. Another tweet (now deleted) suggested people should send a direct message to the account. Whoever was running this scam would likely have phished hopefuls via the hijacked Twitter account.
A short while after, the profile finally completed its full transformation. Behold the weirdly drawn ape of doom set as the profile picture:
You’ll notice the bio blurb has been altered to fit in with the general NFT theme taking place. It says:
Building an NFT community | 450,000 supporters | NFT promoter | DM for promo
The profile location has also been set to “Metaverse”, because of course it has.
Getting up to some monkey business
Followers of the actor were initially a bit surprised by the sudden interest in all things cryptocurrency. Had she decided to hop on the bandwagon? Or was something else at work? People weren’t sure and there was no 100% confirmed answer until a little earlier today.
This blog is safe for work so if you wish to see her, um, very enthusiastic condemnation of the account compromise, click here. At time of writing, some of the NFT/metaverse related Tweets are still on her profile.
What caused this, and how can you protect your Twitter account?
As to how it happened, there’s no indication just yet.
Verified profile accounts need to have two-factor authentication (2FA) enabled to be verified in the first place. But we’ve seen enough sneaky examples of people bypassing 2FA on different platforms previously.
Twitter offers a variety of options where it’s concerned: mobile, app, and security key. Perhaps the actor is using SMS codes and somebody performed a SIM swap attack. Maybe she uses an auth app but was taken to a phishing page which also asks for the time sensitive code.
I suspect we won’t find out. Even so, this is a good time to go check your login and verification settings on Twitter whether verified or not. You don’t want to accidentally wander into whatever currently passes for a metaverse, no matter how many free cats they claim to be giving away.
The post Actor’s verified Twitter profile hijacked to spam NFT giveaways appeared first on Malwarebytes Labs.