My next class:
Network Monitoring and Threat Detection In-DepthSingaporeNov 18th - Nov 23rd 2024

Elon Musk Themed Crypto Scams Flooding YouTube Today

Published: 2023-01-15. Last Updated: 2023-01-15 17:09:34 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

I noticed several videos posted to YouTube today attempting to direct users to crypto coin scam websites. The overall ruse is quite old: The scam promises that Elon Musk, or an organization associated with him, is giving away crypto coins. The catch: You first have to send crypto coins to the address to receive multiple of them back. 

It all starts with a video promising a live stream of Elon Musk covering current developments around SpaceX.

screen shot from youtube showing link to Elon Musk video

The channel being used for these videos, SpaceXMission, has over 2 Million subscribers right now and around 430 Million views. Interestingly, this is not a new channel, but it started on August 25th, 2008. Currently, around 4 thousand users are watching the "live streams".

During the video, a QR code is displayed alongside an image that claims to show a tweet by Elon Musk promising crypto coins.

screen crap from video showing fake elon musk twee and qr code.

I blocked part of the QR code to prevent accidental scanning. It leads to https://muskwa[y.]com , The site offers wallet addresses for different cryptocurrencies, promising two times your "money back" if you send money to these addresses.

The Bitcoin address used by the scam, 1G4aPzodQtdkLhiERK7VWM6vXYfQeSsAaP, already received about 1.35 Bitcoin or $28,376.70 in 12 transactions. The muskway.com website also shows a "ledger" claiming to show actual incoming transactions and outbound payments. It isn't clear if the inbound payments to the Bitcoin address originate from victims or if they were placed as bait to make the wallet look more legit. But the payments shown on the fake ledger on muskway.com do not match the payments based on blockchain.info. I assume that the money being sent to the address originates from victims.

Needless to say: I am amazed that people still fall for these straightforward, well-known, and apparent scams. But crypto coin users may represent a self-selecting target group. YouTube appears to have already taken down some of the accounts associated with this scam, but there appear to be new videos and possibly accounts popping up. The actual "mystery" is the origin of the "SpaceXMission" account. I suspect that it may have been used in the past for other spam and scams. But it could be an abandoned account later stolen or taken over.

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

1 comment(s)
My next class:
Network Monitoring and Threat Detection In-DepthSingaporeNov 18th - Nov 23rd 2024

Comments

What can help some is that we report those to YouTube, just click on the 3 dots and report it as misleading at the very least. I have had a few pulled down already, and you get a nice message after it is deal with
"Thank you for reporting videos you find inappropriate. The video that you reported to us on January 15, 2023 has been removed or restricted from YouTube."
I included the link to this post as part of reasoning it should be taken down, along with how the content didn't match the title in these cases.

Diary Archives