Google’s Mandiant Falls Prey to Cunning Cryptocurrency Scam
The American cybersecurity firm Mandiant, a subsidiary of Google, had its account compromised and used to run a cryptocurrency scam. The attacker renamed the account to @phantomsolw and posted fraudulent claims about a free distribution of $PHNTM tokens, purportedly from the Phantom cryptocurrency wallet. The breach was reported by MalwareHunterTeam. Mandiant is aware of the incident and is working towards a resolution.
"Mandiant's account also got pwned? The fuck is going on here? 🤔 😂" pic.twitter.com/5jn0xgS6uD (MalwareHunterTeam, @malwrhunterteam, January 3, 2024)
After the breach, the attacker used the account to post a link to a counterfeit webpage mimicking the Phantom site and promising a free token giveaway. Clicking the link in the tweet redirects users who do not have the Phantom wallet to the official site to install it. Once the wallet is installed, however, an attempt is made to automatically drain cryptocurrency from the victims’ wallets. Phantom has already warned about the phishing attack, declaring the malicious site dangerous and interactions with it blocked.
After publishing the deceptive tweet, the attacker deleted it and began to mock Mandiant, posting messages like “Apologies, please change your password” and “Check your bookmarks when you retrieve your account.” Screenshots show that the attacker retweeted messages from Phantom’s official account, including warnings not to follow links hastily, likely to lend credibility to his future fraudulent posts. Mandiant has confirmed that control over the account has been restored and that all tweets by the perpetrator have been deleted.