Mandiants Account On X Hacked To Push Cryptocurrency Scam
Updates added below
The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam.
“We are aware of the incident impacting the Mandiant X account and are working to resolve the issue,” a Mandiant spokesperson told BleepingComputer.
After getting control, the attacker renamed it to @phantomsolw and promoted a fake website impersonating the Phantom crypto wallet and promising to distribute free $PHNTM tokens as part of an airdrop.
In tests by BleepingComputer, those who click the ‘Claim Aidrop’ button and don’t have the Phantom wallet installed will get redirected to the legitimate site where they’re prompted to install it.
Once installed, it will try to automatically drain the targets’ cryptocurrency wallets. However, the Phantom Wallet now warns that the scammers’ website is part of a phishing attack.
“Phantom believes this website is malicious and unsafe to use. We have disabled the ability to interact with it in order to protect you and your funds,” the warning says.
The threat actor behind this attack has since deleted the scam tweet and is now using it to troll Mandiant, saying, “Sorry, change password please.” and “Check bookmarks when you get account back.”
As shown in the screenshot above, the attacker retweeted posts from the official Phantom account, including ones advising users to “never rush into clicking links,” likely to add legitimacy to future crypto-scam posts.
Mandiant’s original Twitter handle, @mandiant, now displays a “This account doesn’t exist. Try searching for another.” error message.
Update 1/3/24 9:49 ET: Mandiant has told BleepingComputer that they have regained control of the account on X and are currently working on restoring it.
However, at the time of this update, the username is still renamed to ‘@phantomsolw,’ likely due to Twitter restrictions on changing names too often.