The American information security company Mandiant, a subsidiary of Google, recently fell victim to a cyber attack resulting in a cryptocurrency scam. The hacker, operating under the alias @phantomsolw, compromised Mandiant’s account and disseminated false information regarding the purported giveaway of $PHNTM tokens on behalf of the Phantom crypto wallet. The breach was initially reported by MalwareHunterTeam, prompting Mandiant to take immediate action to rectify the situation.

The attacker’s tweet.

Following the security breach, the cybercriminal created a counterfeit webpage on Mandiant’s account, mimicking the appearance of the official Phantom website. The fraudulent page claimed to offer free $PHNTM tokens as part of a giveaway. Upon clicking the link provided in the deceptive tweet, users were redirected to the authentic Phantom website, seemingly encouraging them to install the Phantom wallet. However, once installed, the wallet attempted to automatically withdraw cryptocurrency from the victims’ wallets. Fortunately, Phantom had already issued a warning about potential phishing attacks, cautioning users against interacting with the malicious site.

Mandiant profile hacked.

After posting the deceptive tweet, the attacker promptly deleted it and proceeded to taunt Mandiant with messages like “Sorry, change your password” and “Check your bookmarks when you recover your account.” Screenshots revealed that the assailant even retweeted messages from the official Phantom account, including genuine warnings advising users not to hastily click on links. This tactic aimed to lend an air of legitimacy to any future fraudulent posts. Mandiant has since regained control of the compromised account, successfully removing all traces of the attacker’s tweets.
