Cybercriminals have exploited the news surrounding the release of Ross Ulbricht, the founder and creator of the dark web marketplace Silk Road, to launch a new malware campaign.
The campaign impersonates Ulbricht via fake X accounts to lure users into joining fraudulent Telegram channels.
Once joined, users are prompted to complete a fake verification process known as Safeguard, where they are tricked into running PowerShell scripts on their devices.
The PowerShell script loads malicious files, including identity-helper.exe, a suspected downloader used to install tools such as Cobalt Strike, which attackers use to launch ransomware attacks and steal data.
Ulbricht was recently released after being pardoned by US President Donald Trump.
Ulbricht was convicted in 2015 on charges including drug distribution and money laundering for his role in running the notorious Silk Road platform, and was later sentenced to life in prison.
Researchers say the attack was carefully designed to avoid detection, and users are advised not to run any suspicious commands or join untrustworthy Telegram channels to avoid falling victim to the campaign.
I'm not sure why this was recommended to me but finding out about the Silk Road and Ross Ulbricht was a fascinating rabbit hole to dive down into. Stay safe everyone. This scheme sounds nasty.