Ross Ulbricht, the controversial creator of the Silk Road, has long been at the center of debates about the intersection of technology and criminal activity. Following a full pardon from US President Donald Trump, a new wave of cybercriminals has emerged, leveraging news of Ulbricht’s case to deliver malware to unsuspecting targets.
By exploiting the news surrounding it, threat actors on X redirect users to a telegram channel where they are tricked into executing PowerShell scripts that infect their devices with malware.
Ross Ulbricht Malware Campaign
According to the latest update from VX Basement researchers, the attack uses a new variation of the popular “click-fix” tactic, but with a twist. Rather than disguising itself as a common error fix, this version pretends to be a CAPTCHA or verification process required to join the channel.
In this case, cybercriminals impersonate Ulbricht using fake but verified accounts on X to lure users to telegram falsely supposedly official channels. Once on Telegram, users encounter a fraudulent “backup” identity verification process, which leads them to a mini app that generates a fake verification dialog and automatically copies a PowerShell command to their clipboard.
Users are then prompted to run the command via the Windows Run dialog box. As such, executing the command triggers a chain of events. Initially, it downloads a PowerShell script, which fetches a zip file from http://openline(.)Cyou. The ZIP file contains several files, including Identity-helper.exe, suspected to be a Cobalt keyloader – a tool frequently used by attackers for remote access and launching ransomware or data theft campaigns.
The entire process is carefully formulated to avoid detection.
Ross Ulbricht released
This development comes after Ulbricht was pardoned and released this week after being imprisoned since 2013 for founding and operating the notorious Dark Web Marketplace Silk Road.
Silk Road was an online marketplace on the TOR network that allowed people to trade illegal items, such as narcotics. Ulbricht operated the site using the pseudonym “Dread Pirate Roberts.” The FBI arrested him in October 2013 and took the site offline.
In 2015, Ulbricht was convicted of charges including drug distribution and money laundering. He was sentenced to life without parole and his appeals in 2017 and 2018 were denied.
Binance FREE $600 (Cryptopotato Exclusive): Use this link to register a new account and receive an exclusive $600 welcome offer on Binance (all details).
Limited offer for crypto readers at Bybit: Use this link to register and open a free $500 position on any coin!
