The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked today to impersonate the Phantom crypto wallet and share a cryptocurrency scam.
"We are aware of the incident that affected the Mandiant X account and are working to resolve the issue," a Mandiant spokesperson told BleepingComputer.
After gaining control, the attacker renamed it @phantomsolw and promoted a fake website posing as the Phantom cryptocurrency and promising to distribute free $PHNTM tokens as part of an airdrop.
In tests conducted by BleepingComputer, those who click on the 'Claim Airdrop' button and do not have the Phantom wallet installed will be redirected to the legitimate site where they will be prompted to install it.
Once installed, it will attempt to automatically empty the targets' cryptocurrency wallets. However, Phantom Wallet is now warning that the scammers' website is part of a phishing attack.
"Phantom believes this website is malicious and unsafe to use. We have disabled the ability to interact with it to protect you and your funds," the warning says.
The threat actor behind this attack has since deleted the fraudulent tweet and is now using it to troll Mandiant, saying, "Sorry, change password please." and "Check favorites when you recover your account."
As shown in the screenshot above, the attacker retweeted posts from the official Phantom account, including some advising users to “never rush to click on links,” which is likely to add legitimacy to future crypto scam posts.
Mandiant's original Twitter handle, @mandiant, now displays the message "This account does not exist. Try searching for another one." Error message.