Scammers Are Targeting Ross Ulbricht Supporters With Malware on Telegram


Capitalizing on fundraising efforts to support recently pardoned Silk Road founder Ross Ulbricht, criminals have been launching phishing attacks targeting unwitting social media users.

After Ulbricht’s release from a federal penitentiary Tuesday, donations began to flow on X, and malicious actors wasted no time using the excitement to spread scams on X and Telegram.

For example, one marred X account shared a link in the replies that claimed to lead to an official Telegram channel for updates. The message was liked 317 times before being removed from X.

The message was flagged by the account of the cybersecurity education website VX-Underground, which warned members of its Telegram channel that the link was a malware installer.

“Ross Ulbricht’s X account is being spammed,” VX-Underground wrote. “When you try to view the ‘official’ Ross Ulbricht Telegram channel it asks to verify your identity, and it gives free malware!”

Telegram provides third-party verification to help users confirm the legitimacy of contacts and services. However, clicking the fraudulent link in this case led to a fake verification screen. Scammers used a Telegram mini app during this process to deceive users into executing malicious code on their devices.

Experts warn that cybercriminals increasingly use high-profile celebrity names to manipulate unsuspecting victims, exploiting the emotional responses tied to fame and public trust. Last week, scammers used AI-generated images of Brad Pitt to scam a woman out of $850,000 in France.

“Celebrity-themed malware is a prime example of social engineering at its most effective,” John Price, CEO of cybersecurity firm SubRosa, told Decrypt. “Cybercriminals leverage well-known figures because they capitalize on two fundamental aspects of human psychology: trust and curiosity.”

As Price explained, celebrities like Ulbricht are recognizable and often evoke strong emotional responses, which make users more likely to click on links or download attachments without second-guessing their authenticity.

“This tactic works particularly well on social media, where users are accustomed to casual and rapid interactions, often bypassing critical scrutiny,” he said.

It’s unclear how many systems were compromised by the Telegram malware attempting to use Ulbricht’s name before X suspended the account. Price stressed that these scams can have consequences beyond personal losses.

“Compromised devices can lead to corporate breaches, data theft, or worse,” he said. “Awareness and vigilance remain the best defenses.”
