X users at risk as crypto scammers exploit new design flaw

Crypto scammers have found a new way to abuse X interface to propagate scams, fake giveaways, and deceptive Telegram channels.

As reported by BleepingComputer, fraudsters have started actively taking advantage of what appears to be a user interface flaw, enabling them to create seemingly legitimate URLs containing malicious content.

This flaw, initially identified by X user @rcwht_, empowers scammers to publish tweets that mimic those from authentic accounts.

Interesting scam crypto-related tweets. Link looks like it should direct to binance, but actually direct to some scammy account.

Been tagged in two of these and they both use https://t.co/2HhH3FW3nT – anyone know whats going on here? pic.twitter.com/NVtFkm12d6

— Rob White (@rcwht_) December 17, 2023

According to BleepingComputer, scammers can change the status_id field while putting the legitimate tag in the account_name field. For instance:

https://x.com/[account_name]/status/[status_id] would look like https://x.com/itscrypto_news/status/1736650221243826564

In the example above, the link would be displayed as if it were posted by crypto.news. However, when a user opens the link, it redirects them to Elon Musk‘s post as the status ID fetches the corresponding post from the website’s database without verifying if the post is linked to the account_name field.

The vulnerability apparently allows scammers to modify the account name, even for high-profile accounts. As a result, fraudsters have been exploiting the flaw for a few weeks now, targeting crypto-related accounts such as Binance, Ethereum Foundation, and many others with fake airdrops, security researcher MalwareHunterTeam told BleepingComputer.

The report notes that this redirect is a standard X feature and is unlikely to change for enhanced security. Consequently, users are advised to scrutinize the address bar when clicking on X links to confirm they visit the intended tweet without redirection.