Researchers discover evasive crypto “giveaway” scam on Twitter
The scam was made up of at least 15,000 bots, used to spread a link to a fake cryptocurrency handout.
A team of researchers have exposed an intricate botnet scam operating on social media platform Twitter.
Duo Security researchers identified the scam by analysing a dataset of more than 88 million Twitter accounts between May and July 2018. The team fed the collected data into a machine learning model to detect bots.
The security software firm’s principal R&D engineer Jordan Wright and data scientist Olabode Anise released a report entitled Don’t @ Me: Hunting Twitter Bots at Scale, which expounds upon their findings in detail.
Using practical data science techniques to flush out automated profiles, the researchers found that the scam comprised at least 15,000 bots in a “unique three-tiered hierarchical structure”, according to the report.
The report found that genuine accounts had a higher average measure of account activity (i.e. number of tweets per day), compared to bots. Genuine accounts averaged 11.3 tweets per day and 3.78 favorites per day.
Additionally, the giveaway bots had a distinguishable number of characters at the end of their screen names.
“The typical operation of the bots involved first creating a spoofed account for a legitimate cryptocurrency-affiliated account,” the report revealed. “This spoofed account would have (what appeared to be) a randomly-generated screen name, and would copy the name and profile picture of the legitimate account.”
“To spread the spam, the bot would reply to a real tweet posted by the legitimate account. This reply would contain a link inviting the victim to take part in a cryptocurrency giveaway.”
Duo Security learned that “hub accounts” were set up and followed by bots in an attempt to feign legitimacy. The botnet scam also employed “amplification bots” to increase the number of likes for tweets posted by bots.
Uncovering this process helped the research team to unravel the entire botnet structure.
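The reply pattern the report describes (a copied name and profile picture, a different screen name, and a link posted in reply to the legitimate account's tweet) can be written as a simple detection heuristic. The Python below is an added example, not code from Duo's report or its open-source tool; the `Account` and `Reply` types, the precomputed `avatar_hash` field and the sample thread are assumptions constructed for illustration.

```python
import re
import unicodedata
from dataclasses import dataclass

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

@dataclass(frozen=True)
class Account:
    screen_name: str   # unique @handle, cannot be duplicated
    display_name: str  # free-text name, can be copied by anyone
    avatar_hash: str   # assumption: profile image hash computed upstream

@dataclass(frozen=True)
class Reply:
    author: Account
    text: str

def normalize(name: str) -> str:
    """Fold case, Unicode compatibility forms and whitespace before comparing names."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(folded.split())

def is_spoofed_reply(original_author: Account, reply: Reply) -> bool:
    """True when a different handle copies the author's name and picture and posts a link."""
    a = reply.author
    if a.screen_name.casefold() == original_author.screen_name.casefold():
        return False  # the legitimate account replying in its own thread
    copies_name = normalize(a.display_name) == normalize(original_author.display_name)
    copies_avatar = a.avatar_hash == original_author.avatar_hash
    return copies_name and copies_avatar and bool(URL_RE.search(reply.text))

def flag_thread(original_author: Account, replies: list) -> list:
    """Return the screen names of replies that match the impersonation pattern."""
    return [r.author.screen_name for r in replies if is_spoofed_reply(original_author, r)]

# Constructed sample thread (all handles, hashes and URLs are made up).
LEGIT = Account("examplecoin", "Example Coin", "a1f3")
REPLIES = [
    Reply(Account("examplecoin", "Example Coin", "a1f3"), "Docs: https://example.com/docs"),
    Reply(Account("xkqzr81732", "Example  Coin", "a1f3"), "Giveaway! https://example.invalid/claim"),
    Reply(Account("alice_dev", "Alice", "9c2e"), "Nice update https://example.org/blog"),
    Reply(Account("qpwmz40921", "EXAMPLE COIN", "a1f3"), "congrats team"),
]

if __name__ == "__main__":
    print(flag_thread(LEGIT, REPLIES))
```

An exact hash match only catches byte-identical profile pictures; a perceptual hash would be needed to catch resized or re-encoded copies.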
As Duo Security carried out its research, Twitter announced that the company was taking a more proactive approach against automated spam and malicious content that exists on its platform. The social media giant identifies and challenges in excess of 9.9 million potentially spam or automated accounts per week.
“We’re hopeful that these increased investments will be effective in combating spam and malicious content, however, we don’t consider the problem solved,” Duo Security said. “The case study presented in this paper demonstrates that organized botnets are still active and can be discovered with straightforward analysis.”
The team has released an open-source system which was used to gather account, tweet and social network data. The information was released to help the community of security researchers build upon Duo’s efforts.
Google, Facebook and Twitter have all banned cryptocurrency advertising, while both Facebook and Twitter are following it up with a so-far unsuccessful war on scammers. As traditional avenues close, untrustworthy, or unintentionally shady, actors are moving to the physical world and other corners of the digital space.