Microsoft India’s X account hijacked in Roaring Kitty crypto scam

The official Microsoft India account on Twitter, with over 211,000 followers, was hijacked by cryptocurrency scammers to impersonate Roaring Kitty, the handle used by notorious meme stock trader Keith Gill.

Microsoft India's X account has a gold check as an officially verified organization on the platform, lending the hijackers' posts more legitimacy.

The threat actors take advantage of Gill's recent comeback to lure potential victims and infect them with cryptocurrency wallet drainer malware.

They are now using Microsoft India's hijacked account to reply to tweets, luring the company's followers and other people on X to a malicious website (presaIe-roaringkitty[.]com) that would allegedly allow them to buy GameStop (GME) crypto as part of a so-called presale.

However, the threat actors would steal the assets of anyone who connects their cryptocurrency wallets to the site and authorizes transactions to the drainer service.

Many bot accounts are now also retweeting the hijacked account's tweets, a tactic designed to artificially increase the malicious posts' reach and trap even more victims.

​In recent months, X users have been targeted in a massive wave of account hijacks, leading to verified organizations falling victim to hacks promoting cryptocurrency scams and wallet drainers.

The U.S. Securities and Exchange Commission's @SECGov account was also compromised after a SIM-swapping attack. The compromised account was later used to post a fake announcement about the long-awaited approval of Bitcoin exchange-traded funds (ETFs) on security exchanges, causing a temporary spike in Bitcoin prices.

X's Safety team later also attributed the breach to a SIM-swapping attack that hijacked a phone number associated with the @SECGov account, noting that the SEC's account did not have two-factor authentication (2FA) enabled at the time of the hack.

Previously, the X accounts for Netgear and Hyundai MEA were also hacked to promote sites designed to push crypto wallet drainers, while the account of Web3 security firm CertiK was also compromised days earlier for similar malicious purposes.

Since the beginning of the year, threat actors have been increasingly targeting verified government and business X accounts with 'gold' and 'grey' checkmarks to lend credibility to tweets that redirect users to phishing sites that promote cryptocurrency scams or spread crypto drainers.

X users also face a relentless barrage of malicious cryptocurrency ads, leading to scams, fake airdrops, and cryptocurrency and NFT drainers.

According to ScamSniffer blockchain threat experts, an X ad campaign used a single wallet drainer known as 'MS Drainer' to steal approximately $59 million worth of cryptocurrency from 63,000 people between March and November.