Researchers have found a huge botnet that mimics real Twitter accounts to spread fraudulent cryptocurrency schemes.
The botnet was discovered by a research team at Duo Security while examining 88 million Twitter accounts this summer. The researchers applied machine learning to detect bots, malicious accounts and the like.
In this way Duo Security was able to identify a three-tier network consisting of more than 15 thousand bots. Scammers used them to spread a classic scheme: Twitter users are asked to transfer a small amount of funds and are promised a big profit. Since then, the network has been modernized to make it more difficult to detect.
The botnet's principles of operation were set out in a report that Duo Security recently presented at the Black Hat cyber security conference.
According to the researchers, the scammers register a fake account that imitates a real cryptocurrency-related account. To alert Twitter users to their own promotions, the bots go to the real account and leave comments under its tweets, attaching a link to a fake website. In addition, among the followers of many fake accounts there are "hub accounts", which are needed to "legitimize" them.
The botnet also has "amplifier bots": other fake accounts that like the fraudulent tweets, thereby inflating the popularity of these tweets and lending legitimacy to the whole fraudulent scheme.
Although Twitter is trying to deal with such cryptocurrency schemes, the researchers note that botnet activity on social networks is not decreasing. "We believe that this problem still needs a solution," the report says. However, Duo Security found a method for linking bots to one another so that the entire botnet can then be exposed.
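The three tiers described above can be linked from a small seed of known scam bots by repeatedly following likes and follower lists. The sketch below is an added example, not Duo Security's method or code from the report; the account names, the sample data, the function `map_botnet` and its thresholds are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample data (not from the report).
# LIKES[a]: authors of the tweets account a liked; FOLLOWS[a]: accounts a follows.
LIKES = {
    "amp1": ["scam1", "scam2", "scam3"],
    "amp2": ["scam2", "scam3"],
    "amp3": ["scam3", "scam1", "scam2"],
    "alice": ["realcoin", "news", "scam1"],   # real user who liked one scam tweet
    "bob": ["news"],
}
FOLLOWS = {
    "hub1": ["scam1", "scam2", "scam3"],
    "alice": ["realcoin", "scam1"],
}

def map_botnet(seeds, likes, follows, min_links=2, like_ratio=0.6):
    """Expand a seed set of known scam bots into the three tiers.
    min_links and like_ratio are illustrative thresholds (assumptions)."""
    scam, amps = set(seeds), set()
    while True:
        # Amplifiers: accounts whose likes go mostly to known scam bots.
        new_amps = {a for a, authors in likes.items()
                    if a not in scam and len(authors) >= min_links
                    and sum(x in scam for x in authors) / len(authors) >= like_ratio}
        # Scam bots the seed missed: accounts liked by several amplifiers.
        liked_by = Counter(x for a in new_amps for x in set(likes[a]))
        new_scam = scam | {x for x, n in liked_by.items() if n >= min_links}
        if new_scam == scam and new_amps == amps:
            break  # fixed point: nothing new was linked in this pass
        scam, amps = new_scam, new_amps
    # Hubs: accounts that appear among the followers of several scam bots.
    hubs = {a for a, followed in follows.items()
            if a not in scam | amps and len(scam & set(followed)) >= min_links}
    return {"scam": scam, "amplifiers": amps, "hubs": hubs}

if __name__ == "__main__":
    # scam3 is not in the seed; amp2 is only linked once scam3 has been found.
    print(map_botnet({"scam1", "scam2"}, LIKES, FOLLOWS))
```

On real data the thresholds would need tuning against labelled accounts, since a genuine user who likes or follows a few scam accounts should stay outside all three sets, as `alice` does here.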
In the near future, the researchers plan to demonstrate ways of dealing with botnets on Twitter. Team members hope that this will help to develop new mechanisms to identify and eliminate malicious bots so that "Twitter and other social networking sites remain places for healthy online debate and the formation of different communities."