CloudSEK researchers have identified a concerning trend on the dark web – a significant increase in the sale of stolen or fake X Gold accounts. This has been an ongoing issue since last March [1], with numerous shops and service providers offering these accounts [1]. Cybercriminals are employing various techniques, such as manual creation of fake accounts or using malware to steal credentials [4], in order to forge or steal these accounts [4].
Description
The prices for these accounts vary [4], ranging from $0.30 for a new X account without a checkmark to $2,000 for a Gold account with a substantial number of followers. Advertisements for these accounts have seen a surge on the dark web and Telegram messaging site. Hackers primarily target older, unused X accounts and gain access through brute force methods [1]. Once compromised [1] [3] [5], these accounts are sold as “Gold” on hacker forums [1]. Additionally, hackers are using information stealer malware to collect Twitter logins and selling the working accounts as “Twitter Gold” for as little as $800.
This increase in Gold accounts on the dark web raises concerns about potential phishing and disinformation attacks [1]. Threat actors are also taking over non-Gold accounts associated with legitimate organizations and upgrading them to verified status [5]. These compromised accounts are then utilized for phishing [5], disinformation campaigns [1] [2] [5], financial scams [5], and posting damaging content [5]. To mitigate these risks [3], organizations are advised to regularly monitor brand mentions on X and implement strong password policies to protect against account compromise [5].
Conclusion
The surge in the sale of stolen or fake X Gold accounts on the dark web has significant implications. It not only raises concerns about potential phishing and disinformation attacks but also highlights the need for organizations to be vigilant in monitoring their brand mentions on X. Implementing strong password policies is crucial to protect against account compromise [5]. As cybercriminals continue to exploit these accounts for malicious purposes, it is essential for organizations to stay proactive in safeguarding their online presence and reputation.
References
[1] https://infosecbulletin.com/x-twitter-gold-accounts-flood-dark-web/
[2] https://www.itworldcanada.com/article/stolen-gold-x-accounts-are-increasingly-being-peddled-on-dark-web-says-report/555707
[3] https://www.infosecurity-magazine.com/news/fake-stolen-x-gold-accounts-flood/
[4] https://flyytech.com/2024/01/03/fake-and-stolen-x-gold-accounts-flood-dark-web/
[5] https://www.darkreading.com/application-security/cybercriminals-flood-dark-web-x-twitter-gold-accounts
