New Finance Scam Discovered Abusing Niche X/Twitter Advertising Loophole
Essential information
- Published
- 09/05/2025 17:49
- Modified
- 09/05/2025 17:55
- Tags
- 2025-05-09 apple brand impersonation cryptocurrency domain redirection url spoofing x/twitter
- Related entities
- 65 observables, 7 techniques (mitre), 9 others
Description
A new financial scam has been uncovered that exploits a loophole in X/Twitter's advertising display URL feature. The scam spoofs legitimate domains like CNN while directing users to a cryptocurrency scam website impersonating Apple's brand. The fraudulent site promotes a fake 'iToken' and includes false endorsements from Apple's CEO. Nearly 90 similar sites dating back to 2024 have been identified, likely operated by the same threat actor group. The campaign uses various tactics including URL spoofing, domain redirection, and brand impersonation to lure victims. Multiple cryptocurrency wallets are provided for payments, and the scam includes a loyalty program to encourage larger investments. The threat actors are also reusing specific files and favicons across their network of malicious domains.