Cybercriminals Flood Dark Web With X (Twitter) Gold Accounts

  /     /     /  
Publicated : 23/11/2024   Category : security


Cybercriminals Flood Dark Web With X (Twitter) Gold Accounts


Verified accounts for celebs and organizations deliver a deep vein of cybercrime riches for crooks.



Cybercriminals are taking over verified Gold accounts on X, the social media service formerly known as Twitter — and selling them on the Dark Web for up to $2,000 a pop.
That’s according to research from CloudSEK, which has uncovered a Gold Rush, as it were, of these accounts showing up in underground marketplaces.
The
Gold badge on X
means that the service has independently verified the account as legitimately belonging to a high-profile organization or a celebrity. It was introduced a year ago as a paid option after X made the blue checkmark — formerly a designation of legitimacy —
a badge that anyone could pay to include on their profiles
, no validation needed.
Cybercriminals are now brute-forcing passwords and stealing credentials through malware in order to gain access to existing Gold accounts, according to CloudSEK researchers; more often, they are also taking over non-Gold accounts associated with real organizations that havent been used in months and upgrading them to verified status. In all, hundreds of accounts with reach to tens of thousands of followers are on offer in underground forums.
Nefarious types willing to pay can then use the accounts to host phishing links, launch disinformation campaigns and financial scams, or impact brand reputation by posting damaging content.
Dark Web marketplaces are flooded with
advertisements selling Twitter Gold accounts
, according to research the firm released this week. Prices range from $35 for a basic account to $2,000 for accounts with large followings.”
The researchers illustrated the danger to organizations from the trend with a compelling example from September: Cyberattackers were able to take over an X account belonging to Vitalik Buterin, the co-founder of Ethereum. They then tweeted out an offer for purportedly free nonfungible tokens (NFTs), with a malicious link embedded that redirected users to a fake website designed to drain cryptocurrency from their wallets.
Despite being active for about 20 minutes, the hackers managed to siphon off a staggering $691,000 [in] digital assets before removing the fraudulent post, according to the analysis.
The value to crooks in infiltrating major accounts has been a known quantity since at least 2020, when hackers were able to
compromise the internal networks of what was then Twitter
, gaining access to verified accounts and sending out tweets on behalf of several high-profile individuals.
To protect themselves, organizations should regularly monitor brand mentions on Twitter and implement strong password policies to protect against account compromise, CloudSEK recommended. Effective brand monitoring means identifying fake profiles, unauthorized product listings, misleading advertisements, and malicious content.

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Cybercriminals Flood Dark Web With X (Twitter) Gold Accounts