Security experts issue warnings when malicious actors distribute fake versions of the Calendly bot on X, posing as cryptocurrency journalists.
According to a post by blockchain security firm SlowMist X, scammers are targeting Chinese-speaking victims by posing as cryptocurrency journalists. Scammers send direct messages, including links that mimic the appearance of a legitimate Calendly bot, to schedule interviews.
However, once a victim grants a license to the fake clone of the bot, they inadvertently grant control of their X account, providing scammers with the ability to distribute phishing links through their posts.
Although the scale of the scam attack remains unclear, SlowMist notes that scammers often communicate in broken Chinese and focus their efforts on cryptocurrency influencers. According to user @0xcryptowizard on X, the cybercriminals are linked to a cryptocurrency hacking group known as Pink Drainer.
SlowMist urged users to delete any suspicious apps or sessions in their X settings to mitigate the risk of unauthorized access.
This is not the first time scammers have impersonated journalists in an attempt to exploit victims and steal private data and cryptocurrencies. In November 2023, crypto.news reported that SlowMist had uncovered a sophisticated phishing attack on cryptocurrency startup Friend.tech, in which scammers used fake interviews and malicious scripts to target users.
During the same month, an anonymous scam artist, posing as a Forbes journalist, approached holders of non-fungible tokens (NFTs) from Bored Ape Yacht Club, requesting their experience with the popular NFT collection. In the interviews, the scammers set up multiple call links and recorded screens using a separate recording bot, one victim reported.
