An elaborate system of malware was found to be behind cryptocurrency giveaway scams.
Researchers from tech security company Duo[1] have discovered a network of malicious bots on Twitter, according to an August 6 blog[2] post.
The authors, Jordan Wright and Olabode Anise, disclosed that they were not necessarily looking for automated accounts that were perpetrating scams or behaving maliciously, but were simply looking for accounts that were automated, or not controlled by an actual user.
According to a technical paper[3] outlining Duo's research, the team stumbled upon a large botnet containing approximately 15,000 bots that used a "unique three-tiered hierarchical structure" and were involved in the prevalent crypto giveaway scams that many of our readers will be familiar with[4].
To conduct this research, Wright and Anise compiled a data set of 88 million Twitter accounts that included standard information, such as screen name, tweet count, and follower count, as represented in the Twitter application programming interface (API). The researchers then took this data set and used machine learning algorithms that applied a subset of standard Twitter account attributes to differentiate between human-controlled and automated accounts.
According to the technical paper, the first tier of bots is responsible for imitating legitimate crypto-affiliated accounts by utilizing what Wright and Anise believe to be randomly generated screen names, and copying the actual names and profile pictures of the genuine accounts.
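The first-tier pattern described above (a copied display name and profile picture under a different screen name) can be checked for directly. The following is an added example, not code from Duo's paper: the account records, field names and avatar bytes are constructed, and comparing avatars by SHA-256 assumes byte-identical copies.

```python
import hashlib
import unicodedata

# Constructed sample data (not from the Duo paper): one genuine account
# and three candidates from a hypothetical account listing.
GENUINE = {"screen_name": "examplecoin", "name": "Example Coin",
           "avatar": b"constructed-avatar-A"}
CANDIDATES = [
    {"screen_name": "xk3q9vt7zp2m", "name": "Example Coin",
     "avatar": b"constructed-avatar-A"},
    {"screen_name": "coinfan_anna", "name": "Anna",
     "avatar": b"constructed-avatar-B"},
    # Copy padded with a double space and a zero-width space.
    {"screen_name": "q8w2r5y1u7b4", "name": "Example  Coin\u200b",
     "avatar": b"constructed-avatar-A"},
]

def norm_name(name):
    """Fold case and compatibility forms, drop invisible format
    characters, and collapse whitespace so padded copies still match."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    visible = "".join(c for c in folded if unicodedata.category(c) != "Cf")
    return " ".join(visible.split())

def avatar_digest(data):
    # Assumption: byte-identical copies. A re-encoded image would need a
    # perceptual hash instead of SHA-256.
    return hashlib.sha256(data).hexdigest()

def impersonation_signals(candidate, genuine):
    """Return which profile fields the candidate copies from genuine."""
    if candidate["screen_name"].casefold() == genuine["screen_name"].casefold():
        return []  # this is the genuine account itself
    signals = []
    if norm_name(candidate["name"]) == norm_name(genuine["name"]):
        signals.append("copied_name")
    if avatar_digest(candidate["avatar"]) == avatar_digest(genuine["avatar"]):
        signals.append("copied_avatar")
    return signals

def find_impersonators(candidates, genuine):
    """Screen names that copy both the display name and the avatar."""
    return [c["screen_name"] for c in candidates
            if len(impersonation_signals(c, genuine)) == 2]
```

Calling `find_impersonators(CANDIDATES, GENUINE)` flags the two accounts that reuse the genuine name and picture, including the one whose name is padded with invisible characters.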
The second tier is made up of "hub accounts," which don't necessarily have anything to do with the scammer bots, but are hypothesized to be "randomly chosen accounts that the bots follow in an effort to appear legitimate."
The final tier in the network was found to be comprised of "amplification bots," which exist solely to