Crypto Scammers Snatch Microsoft’s Official X Account in India

By Lore Apostol / June 4, 2024

Microsoft India's official X account has been stolen by cryptocurrency scammers. Under the legitimacy offered by the gold check mark of officially verified organizations, the threat actors are trying to lure potential victims by impersonating Roaring Kitty, the name used by notorious meme stock trader Keith Gill, as Bleeping Computer observed

Microsoft’s Twitter account has over 211,000 followers in India. At the time of writing, the account is still under the hackers’ control.

The scammers use the increased legitimacy that comes with the Microsoft India handle to reply to tweets pretending to be Roaring Kitty (who promotes hunting stocks and investment opportunities), trying to push malware that drains cryptocurrency wallets onto unsuspecting victims. Bot accounts are also used to retweet the hijacked account's posts to artificially help it reach even more victims.

RoaringKitty Malware Attack
Image Credits: Bleeping Computer

The threat actors lure potential victims to a malicious website (presaIe-roaringkitty[.]com) and infect them with cryptocurrency wallet drainer malware. The site advertises an alleged presale that supposedly allows users to purchase GameStop (GME) crypto. People who connect their cryptocurrency wallets to this website practically authorize transactions to the drainer service.

A massive wave of account takeovers has seen a number of other X accounts - mostly verified government and business ones with 'gold' and 'grey' checkmarks - targeted by cryptocurrency scams, SIM-swapping, social engineering, wallet drainers, and more. 

Among the affected X accounts have been the U.S. Securities and Exchange Commission, Netgear, Hyundai MEA, Web3 security firm CertiK, cybersecurity firm Mandiant, Ethereum co-founder Vitalik Buterin, and Donald Trump Jr. 

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: