Elon Musk Themed Crypto Scams Flooding YouTube Today
I noticed several videos posted to YouTube today attempting to direct users to crypto coin scam websites. The overall ruse is quite old: The scam promises that Elon Musk, or an organization associated with him, is giving away crypto coins. The catch: You first have to send crypto coins to an address in order to receive a multiple of them back.
It all starts with a video promising a live stream of Elon Musk covering current developments around SpaceX.
The channel being used for these videos, SpaceXMission, has over 2 Million subscribers right now and around 430 Million views. Interestingly, this is not a new channel, but it started on August 25th, 2008. Currently, around 4 thousand users are watching the "live streams".
During the video, a QR code is displayed alongside an image that claims to show a tweet by Elon Musk promising crypto coins.
I blocked part of the QR code to prevent accidental scanning. It leads to https://muskwa[y.]com. The site offers wallet addresses for different cryptocurrencies, promising two times your "money back" if you send money to these addresses.
The Bitcoin address used by the scam, 1G4aPzodQtdkLhiERK7VWM6vXYfQeSsAaP, already received about 1.35 Bitcoin or $28,376.70 in 12 transactions. The muskway.com website also shows a "ledger" claiming to show actual incoming transactions and outbound payments. It isn't clear if the inbound payments to the Bitcoin address originate from victims or if they were placed as bait to make the wallet look more legit. But the payments shown on the fake ledger on muskway.com do not match the payments based on blockchain.info. I assume that the money being sent to the address originates from victims.
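The ledger comparison described above can be automated. The following is an added example, not code from the original diary: it reconciles a site's claimed ledger against an address's on-chain history, using constructed sample rows and assuming both sources can be exported as (txid, direction, amount) records.

```python
from decimal import Decimal

SATS_PER_BTC = 100_000_000

# Constructed sample rows (txid, direction, BTC amount); not real transactions.
# CLAIMED: what the giveaway page's "ledger" displays.
# ONCHAIN: what a block explorer export shows for the same address.
CLAIMED = [
    ("tx-a1", "in", "0.50"), ("tx-a1-payout", "out", "1.00"),
    ("tx-b2", "in", "0.25"), ("tx-b2-payout", "out", "0.50"),
    ("tx-c3", "in", "0.10"),
]
ONCHAIN = [
    ("tx-b2", "in", "0.25"), ("tx-c3", "in", "0.12"), ("tx-d4", "in", "0.30"),
]

def to_sats(btc):
    """Convert a BTC amount string to integer satoshis (no float rounding)."""
    return int(Decimal(btc) * SATS_PER_BTC)

def reconcile(claimed, onchain):
    """Classify each claimed ledger row against the on-chain record."""
    chain = {txid: (direction, to_sats(amt)) for txid, direction, amt in onchain}
    report = {"confirmed": [], "mismatch": [], "not_on_chain": []}
    for txid, direction, amt in claimed:
        if txid not in chain:
            report["not_on_chain"].append(txid)
        elif chain[txid] != (direction, to_sats(amt)):
            report["mismatch"].append(txid)
        else:
            report["confirmed"].append(txid)
    claimed_ids = {txid for txid, _, _ in claimed}
    # Real transactions the page does not display at all.
    report["unlisted"] = [t for t in chain if t not in claimed_ids]
    return report

def payout_ratio(onchain):
    """Outbound/inbound value on chain; an honest 2x giveaway would be near 2."""
    total = {"in": 0, "out": 0}
    for _, direction, amt in onchain:
        total[direction] += to_sats(amt)
    return total["out"] / total["in"] if total["in"] else 0.0

if __name__ == "__main__":
    for bucket, txids in reconcile(CLAIMED, ONCHAIN).items():
        print(f"{bucket:13} {txids}")
    print(f"payout ratio: {payout_ratio(ONCHAIN):.2f}")
```

Claimed payouts that never appear on chain, together with an on-chain payout ratio of zero, indicate that the displayed ledger is fabricated.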
Needless to say: I am amazed that people still fall for these straightforward, well-known, and apparent scams. But crypto coin users may represent a self-selecting target group. YouTube appears to have already taken down some of the accounts associated with this scam, but there appear to be new videos and possibly accounts popping up. The actual "mystery" is the origin of the "SpaceXMission" account. I suspect that it may have been used in the past for other spam and scams. But it could be an abandoned account later stolen or taken over.
---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS.edu