[Warning]: Fake Cthulhu World project DM on Twitter, will steal your crypto

[Dave1]

Cyber threat actors, have created a fake and malware ridden website similar to Cthulhu World P2E.



https://twitter.com/Iamdeadlyz/status/1562821456492314625

So the MO of this criminals is to message their potential victims in Twitter for a potential test on this new game, and they says that they are going to pay with Ethereum. So they will redirect you to the fake website:

Code:

cthulhu-world.com site

And then they will ask you to download the "alpha" test, give you a code to used, and depending on what they are going to give you, the victims will either download this malware:

- AsynchRat
- Redline Stealer
- Raccoon Stealer

Of course, anyone of this malware are going to look for your cryptocurrency wallets. As proved of one victims,



https://twitter.com/Iamdeadlyz/status/1562821456492314625

You can read about setting up your twitter DM here, https://help.twitter.com/en/safety-and-security/control-your-twitter-experience

And if my chance anyone has downloaded or have interact with the same modus, it's better to scan your computer now.

[StormHawk]

If you like free things crypto isn't for you, to get good rewards from airdrops this days you must have contribute to the project when they are in their early phase, like Testnet tasks or do some swap on the platform,  this is what you should do instead of clicking on random links and dreaming of free tokens you never worked for, thanks for the advice I hope many learnt from this.

[PX-Z]

Downloading a software from completely random stranger online always give me a red flag, especially in socmed particularly twitter.
Blockchain projects have their own telegram group or discord server, or any socmed community where they announce such things.
Receiving a dm in twitter for such offer always be a red flag, ALWAYS. If the account seems legit, it should be confirm to the community first or project group before proceeding, else these might happen. Also, virustotal is completely free to check if the file has malware on it.

[Baofeng]

I mean the vector of attack is the offer of incentive here. Not sure how much it is, but it seems that others can't refused free money and there's where the criminals are taking advantage of.

If I'm not mistaken there was someone  who fall for a similar trick, he was message in Telegram offer a job or something and when he download something, the hacker took his hard earn money.

[aioc]

I mean the vector of attack is the offer of incentive here. Not sure how much it is, but it seems that others can't refused free money and there's where the criminals are taking advantage of.

If I'm not mistaken there was someone  who fall for a similar trick, he was message in Telegram offer a job or something and when he download something, the hacker took his hard earn money.

Those who are into free money should now think twice before accepting this kind of offer I have seen so many offers like this on many social media and they are very tempting, verify first who is posting some anti-virus cannot block these malware so the best way to combat these threats is to educate ourselves, it's getting riskier now if you are involved in Cryptocurrency don't just come here with only knowledge about making money, get yourself educated first on the many harms and scams.

[albon]

And if my chance anyone has downloaded or have interact with the same modus, it's better to scan your computer now.

Doing a computer scan after running a Trojan horse is not a 100% sufficient solution. It is better for the one who downloaded this game that contains the Trojan horse to make a new version of Windows for his device. I advise anyone who reads what I write not to download and install any programs or games from an unknown source Because your wallets and your data will be in the hands of the hacker, so you all have to be careful, as social media has become a suitable environment for scammers to deceive victims through a false advertisement or something similar.

[fortunecrypto]

Hackers get better and they have a team to build imitation projects like this for more relevant information about this issue you can go here bleepingcomputer covers this issue and expose how hackers made you download this malware and what malware is downloaded and what you should do.

https://www.bleepingcomputer.com/news/security/fake-cthulhu-world-p2e-project-used-to-push-info-stealing-malware/

[Pmalek]

If more people started considering everything they receive over PMs, emails, or Telegram to be a scam, we wouldn't be seeing new warning threads with the same approaches over and over again. In other words, scammers wouldn't be doing this if people used common sense.

Nothing is free. Even if it seems free, you are going to pay for it. 

[robelneo]

If more people started considering everything they receive over PMs, emails, or Telegram to be a scam, we wouldn't be seeing new warning threads with the same approaches over and over again. In other words, scammers wouldn't be doing this if people used common sense.

Nothing is free. Even if it seems free, you are going to pay for it. 

People are opportunity seekers but they are looking and receiving it in the wrong way and in the wrong venues, random people sending you an offer on telegram is a big no-no, if you really want opportunities coming in subscribe on reputable article site or visit the announcement thread and check people's opinion on those projects, its time to shutdown random people offering something that are too good to be true without doing research, the Cryptocurrency community has been infiltrated by hackers and scammers so don't easily trust anyone.

[Pmalek]

People are opportunity seekers but they are looking and receiving it in the wrong way and in the wrong venues, random people sending you an offer on telegram is a big no-no, if you really want opportunities coming in subscribe on reputable article site or visit the announcement thread and check people's opinion on those projects...

There are of course legit offers that one can take advantage of, but they are going to be posted on official sources. Websites or social media channels of those projects. Those are the places you can look but still remain cautions about what you are doing. Even if it's on the official website, it can still be dangerous or malicious. People believing in hot Asian girls contacting them in private over Telegram to make them rich is the equivalent of the US Army Captain emailing you to help you get Saddam's gold out of Iraq. It's fairytales.