Listen to this Post
2025-02-03
A fresh surge of phishing attacks has emerged, specifically targeting prominent accounts across various sectors on the social media platform X (formerly known as Twitter). The ongoing campaign, which has been active since mid-2024, focuses on hijacking accounts belonging to high-profile political figures, influential journalists, technology organizations, cryptocurrency entities, and other notable individuals. This sophisticated phishing scheme aims to exploit these compromised accounts to promote fraudulent cryptocurrency schemes, reaching a broad audience and increasing the attackers’ financial gain.
Phishing Campaign: Tactics, Targets, and Technology
The attack operates with advanced tactics that have been honed through previous campaigns, according to SentinelLabs researchers. The fraudsters use phishing lures such as fake account login notifications and fake copyright violation alerts to deceive users into providing their login credentials. One of the most concerning aspects of this campaign is its use of advanced techniques to evade detection, including abusing Google’s AMP Cache domain to redirect victims to phishing sites while avoiding email detection systems.
The phishing infrastructure behind this operation is both flexible and adaptable, making it challenging to track and neutralize. Malicious domains such as “securelogins-x[.]com” and “x-recoverysupport[.]com” are used to host phishing pages, and emails are delivered through related domains to maintain a consistent appearance. The attackers are leveraging IP addresses linked to a Belize-based VPS service and Turkish hosting providers to further anonymize their activities. The use of these decentralized hosting methods is an indication of the attacker’s efforts to stay one step ahead of cybersecurity measures.
An additional layer of complexity is added by the attackers’ choice of tools. They employ FASTPANEL, a website hosting service, to quickly set up phishing infrastructure and scale their attacks. While not malicious in nature, FASTPANEL is frequently exploited by cybercriminals for phishing purposes due to its easy setup and scalability. Domains like “buy-tanai[.]com” and “emotionai[.]live” are used as placeholders, providing a fast and flexible way for the attackers to launch new schemes.
Cryptocurrency Schemes: A Growing Target for Phishing Campaigns
Cryptocurrency entities have been a significant focus of this phishing campaign. The attackers leverage compromised accounts to push fraudulent schemes, particularly in the cryptocurrency sector. One notable example is the domain “buy-tanai[.]com,” which was once associated with a Solana-based AI-powered trading agent. While the project itself failed, it remains active on decentralized exchanges, suggesting that the attackers are continuing to pursue financial gain through the promotion of pump-and-dump schemes or fake investment opportunities.
What Undercode Says:
This new wave of phishing campaigns highlights the growing sophistication of cybercriminals targeting high-profile accounts on social media platforms like X. The campaign’s multi-faceted approach—including the use of advanced phishing tactics, flexible infrastructure, and leveraging cryptocurrency-themed projects—points to a greater push towards exploiting high-value individuals and sectors for financial gain.
The use of Google’s AMP Cache domain to evade detection is a significant development in phishing tactics, as it underscores the increasing efforts to bypass traditional email security systems. By manipulating legitimate services like AMP, attackers make it harder for security solutions to detect malicious activity, making it easier for them to carry out successful phishing attacks.
Furthermore, the employment of flexible hosting infrastructures, such as using Turkish hosting providers and Belize-based VPS services, allows the attackers to easily adapt and scale their campaigns without attracting immediate attention. This decentralized approach to hosting makes it difficult for cybersecurity experts to quickly shut down these operations, as they are not reliant on a single domain or hosting service.
The frequent use of platforms like FASTPANEL for setting up phishing sites also indicates a growing trend among cybercriminals to leverage legitimate and easily accessible services to conduct malicious activities. These platforms, often intended for legitimate website hosting, become powerful tools for attackers looking to scale their phishing operations rapidly.
In addition to these tactics, the attackers’ focus on cryptocurrency-related scams reveals the increasing prevalence of digital assets as a target for fraud. Cryptocurrency remains a lucrative sector for cybercriminals, and the flexibility provided by decentralized exchanges and unregulated markets makes it easier for these fraudsters to continue their schemes, even if they fail in the short term. Projects like “buy-tanai[.]com” demonstrate how attackers can create legitimate-looking, but ultimately fraudulent, cryptocurrency ventures that fool unsuspecting users.
The overall trend is clear: as social media platforms continue to grow in influence, they become increasingly attractive targets for phishing campaigns. High-profile individuals—whether political figures, journalists, or cryptocurrency entities—are prime candidates for these attacks, given their large followings and the potential for financial gain. The increased sophistication of these phishing operations highlights the importance of proactive cybersecurity measures, as well as ongoing vigilance among social media users, to protect sensitive information and prevent these fraudulent campaigns from succeeding.
As we move into 2025, it’s clear that phishing campaigns targeting high-profile accounts will remain a pressing concern. Social media platforms, especially those as influential as X, must continue to evolve their security systems to counteract these ever-evolving threats. Users, too, must stay informed and vigilant, as the consequences of falling victim to such attacks can be devastating, not only for the individuals involved but also for the broader digital ecosystem.
References:
Reported By: https://cyberpress.org/new-phishing-attack-compromises-high-profile-x-accounts/
https://www.facebook.com
Wikipedia: https://www.wikipedia.org
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://craiyon.com
Undercode AI DI v2: https://ai.undercode.help




