TechFlow reports that on December 10, Scam Sniffer issued a security alert exposing a new compound scam targeting cryptocurrency users. The scam operates through two primary attack vectors: system infection and account hijacking. Fraudsters first impersonate well-known crypto KOLs by commenting under legitimate posts, luring users into joining so-called "exclusive investment" Telegram groups. Once users join these groups, they immediately receive verification requests from a fake bot named OfficiaISafeguardBot. These verifications typically come with extremely short time windows, creating a sense of urgency.
On the technical side, the verification process silently injects malicious PowerShell code into the user's clipboard. Once executed, this automatically downloads and runs malware capable of compromising system security. Such software has been flagged as malicious by VirusTotal and has recently led to multiple incidents of private key theft. The other attack method involves tricking users into revealing sensitive Telegram account information, including phone numbers, login verification codes, and two-factor authentication passwords, thereby gaining full control over the user's Telegram account.
Scam Sniffer offers the following security recommendations:
1. Never execute commands from untrusted sources
2. Carefully verify the authenticity of official channels
3. Remain vigilant against any verification requests that create time pressure
4. Store cryptocurrency assets using hardware wallets
5. Avoid running arbitrary code or installing unknown software
6. Never share Telegram verification codes or two-factor authentication passwords




