Researchers Discover Huge Crypto Scam Botnet on Twitter

Researchers have uncovered a huge botnet that mimics legitimate accounts on Twitter to spread a cryptocurrency "Giveaway" scam.

As reported by ITPro, the discovery was made during a research effort by Duo Security that looked at 88 million Twitter accounts from May to July and used machine learning to identify bots, malicious or otherwise, on the social media platform.

The team notably found a single network of over 15,000 bots in a three-tiered structure that spread the fake cryptocurrency giveaway, and further evolved as time passed in order to avoid detection.

To spread the fake giveaway scam, the bots would reply to tweets posted by the legitimate account, containing a link to entice Twitter users to the scam.

Adding to the complexity, many spoof accounts followed what the researchers termed "Hub accounts" and suspect are followed "In an effort to appear legitimate".

The botnet also employed "Amplification bots" - other fake accounts that are used to give "Likes" to scam tweets to "To artificially inflate the tweet's popularity [and] make the cryptocurrency scam appear legitimate."

" resulted in a 3 tiered botnet structure consisting of the scam publishing bots, the hub accounts the bots were following, and the amplification bots that like each created tweet.

The mapping shows that the amplification bots like tweets from both clusters, binding them together.

Intriguingly, the team found that the discoveries allowed them to connect the bots in a way "That can result in the unraveling of the entire botnet."

Going forward, Duo plans to open source the techniques described in the paper in the hope that new techniques can be developed to identify malicious bots, and help "Keep Twitter and other social networks a place for healthy online discussion and community."