Researchers discover evasive crypto “giveaway” scam on Twitter

Posted: 7 August 2018 2:10 pm
botnet small

The scam was made up of at least 15,000 bots, used to spread a link to a fake cryptocurrency handout.

A team of researchers have exposed an intricate botnet scam operating on social media platform Twitter.

Duo Security researchers identified the scam by analysing a dataset of more than 88 million Twitter accounts between May and July 2018. The team processed these APIs in a machine learning model to detect bots.

The security software firm’s principal R&D engineer Jordan Wright and data scientist Olabode Anise released a report entitled Don’t @ Me: Hunting Twitter Bots at Scale, which expounds upon their findings in detail.

Using practical data science techniques to flesh out autonomous profiles, researchers found that the scam was comprised of at least 15,000 bots in a “unique three-tiered hierarchical structure”, according to the report.

The report found that genuine accounts had a higher average measure of account activity (i.e. number of tweets per day), compared to bots. Genuine accounts averaged 11.3 tweets per day and 3.78 favorites per day.

Additionally, the giveaway bots had a distinguishable number of characters at the end of their screen names.

“The typical operation of the bots involved first creating a spoofed account for a legitimate cryptocurrency-affiliated account,” the report revealed. “This spoofed account would have (what appeared to be) a randomly-generated screen name, and would copy the name and profile picture of the legitimate account.”

“To spread the spam, the bot would reply to a real tweet posted by the legitimate account. This reply would contain a link inviting the victim to take part in a cryptocurrency giveaway.”

Duo Security learned that “hub accounts” were set up and followed by bots in an attempt to feign legitimacy. The botnet scam also employed “amplification bots” to increase the number of likes for tweets posted by bots.

Uncovering this process helped the research team to unravel the entire botnet structure.

As Duo Security carried out its research, Twitter announced that the company was taking a more proactive approach against automated spam and malicious content that exists on its platform. The social media giant identifies and challenges in excess of 9.9 million potentially spam or automated accounts per week.

“We’re hopeful that these increased investments will be effective in combating spam and malicious content, however, we don’t consider the problem solved,” Duo Security said. “The case study presented in this paper demonstrates that organized botnets are still active and can be discovered with straightforward analysis.”

The team has released an open-source system which was used to gather account, tweet and social network data. The information was liberated to assist the community of security researchers to build upon Duo’s efforts.

Google, Facebook and Twitter have all banned cryptocurrency advertising, while both Facebook and Twitter are following it up with a so-far unsuccessful war on scammers. As traditional avenues close, untrustworthy, or unintentionally shady, actors are taking it to the physical world and other corners of the digital space.

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Picture: Shutterstock

Ask an Expert provides guides and information on a range of products and services. Because our content is not financial advice, we suggest talking with a professional before you make any decision.

By submitting your comment or question, you agree to our Privacy and Cookies Policy and Terms of Use.

Questions and responses on are not provided, paid for or otherwise endorsed by any bank or brand. These banks and brands are not responsible for ensuring that comments are answered or accurate.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Go to site