Building on fundraising efforts to support recently pardoned Silk Road founder Ross Ulbricht, criminals are launching phishing attacks targeting unwitting social media users.
Following Ulbricht’s release from federal prison on Tuesday, donations on X started pouring in and malicious actors wasted no time in spreading scams on X and Telegram.
For example, one marred X account shared a link in the replies claiming to be an official Telegram channel for updates. The post was liked 317 times before it was removed from X.
The message was flagged by the account of cybersecurity education website VX-Underground, which alerted members of its Telegram channel that the link was a malware installer.
“Ross Ulbricht’s X account is being spammed,” wrote VX-Underground. “When you try to view the ‘official’ Ross Ulbricht Telegram channel, it asks you to verify your identity, and it gives free malware!”
Telegram offers third-party verification to help users confirm the legitimacy of contacts and services. However, clicking the fraudulent link in this case led to a fake verification screen. During this process, scammers used a Telegram mini-app to trick users into running malicious code on their devices.
Experts warn that cybercriminals are increasingly using high-profile celebrity names to manipulate unsuspecting victims, exploiting the emotional responses associated with fame and public trust. Last week, scammers in France used AI-generated images of Brad Pitt to scam a woman out of $850,000.
“Celebrity-themed malware is a great example of social engineering at its most effective,” John Price, CEO of cybersecurity firm SubRosa, told Decrypt. “Cybercriminals use public figures because they take advantage of two fundamental aspects of human psychology: trust and curiosity.”
As Price explained, celebrities like Ulbricht are recognizable and often evoke strong emotional responses, making users more likely to click on links or download attachments without questioning their authenticity.
“This tactic works especially well on social media, where users are accustomed to informal and quick interactions, often bypassing scrutiny,” he said.
It’s unclear how many systems were compromised by the Telegram malware that tried to use Ulbricht’s name before X suspended the account. Price emphasized that these scams can have consequences beyond personal losses.
“Compromised devices can lead to corporate breaches, data theft or worse,” he said. “Awareness and vigilance remain the best defenses.”
Generally intelligent Newsletter
A weekly AI journey narrated by Gen, a generative AI model.
