On March 29, Telegram was inaccessible for about three hours in Europe, western Russia, Ukraine and Belarus. The company said the outage was caused by interruptions in the power supply of one of the servers. It was the second time in the past month that the service had run into problems.
Pavel Durov reported on the work to restore Telegram on his Twitter account. First he wrote about a problem with server power, then promised to fix everything in the near future and asked users to “cross your fingers” (this tweet has since been deleted). Cybercriminals who created fake accounts of Telegram's creator took advantage of this, as Group-IB, a company that investigates cybercrime, pointed out.
Durov’s tweets drew profiles with his name and avatar, which can be distinguished by their handles: @durov_pavell or @durhiov (the first has already been blocked; the tweets of the second have been preserved). On behalf of the messenger's creator, they offered users compensation in the form of the cryptocurrency Ethereum.
The accounts attached to their posts links to a special site, created on March 26, where users had to send ether to the address encoded in a QR code. In return, users were promised increased compensation.
As Group-IB found, the attackers managed to collect 8.30 ETH (3.5 thousand dollars) in one wallet, and in total received about 60 thousand dollars across five wallets. The final amount received by the scammers is not known, because they could have had dozens of wallets.
In addition, the authors created several bots that liked and retweeted the post, and also confirmed that they had received money. But there were those who sent ether to the fake Durov, received nothing in return and decided to find out what went wrong.
This is not the first time that scammers have used fake accounts on Twitter to extort money from users. In February 2018, under one of Elon Musk’s tweets, a copy of his account invited users to send 0.5-2 ETH and get 5000 ETH in return.
There's no way. Look at Durov's login and that of the one who announced the promotion
— Евгений Субботин (@subbotaaa_s) March 29, 2018