A new scam tricks crypto users by taking over their X accounts without needing passwords or 2FA codes.
- The scam uses a fake “Calendar” app to access accounts.
- It bypasses two-factor authentication and looks very real.
- Crypto experts warn others to check their connected apps on X.
Advanced Scam Targets Crypto Community
A new phishing campaign is spreading through the X platform. It targets crypto community members and influencers. The scam tricks users into clicking a fake link that looks like it comes from a real Google Calendar invite. Clicking it opens an authorization prompt for a fake app that, once approved, gets full control of their X account.
According to developer Zak Cole, the attack is “fully active” and very hard to detect. It doesn’t use fake login pages or steal passwords. Instead, it abuses X’s own app-authorization system, which is what lets the attacker bypass two-factor authentication.
How the Attack Works
The scam starts with a message on X. It appears to come from a legitimate business, like venture firm Andreessen Horowitz. The message includes a link whose preview looks like a Google Calendar invite. But the link actually leads to a domain like “x(.)ca-lendar(.)com” – not the real Google site.
Once clicked, it redirects to a fake X login screen. It shows an app called “Calendar,” but it’s not the real calendar app. Hidden characters in the name make it look nearly identical. When users approve the app, it gains access to do almost anything: post, follow, unfollow, and change settings.
Warning Signs and What to Do
One tip-off is the long list of permissions the app asks for. Another is that after giving access, the user is redirected to Calendly, not Google. This mistake may alert careful users. According to Cole, this is a major error the scammers made.
Ohm Shah, a MetaMask security expert, confirmed that this type of scam has been seen spreading. One user, an OnlyFans model, was also attacked, showing that the campaign is growing.
To stay safe, users should visit their X connected apps page and remove any unknown apps named “Calendar.” Cole also shared a GitHub report with more help for those possibly affected.
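As an added illustration of the two warning signs above (a look-alike app name built from hidden or foreign-script characters, and an unusually broad permission list), the script below audits a list of connected-app records. It is not code from the article, from Cole’s GitHub report, or from X: the app records are constructed for the example, and the scope names follow X’s API v2 OAuth 2.0 naming but are chosen here only to illustrate the check. The real review is still done by hand on X’s connected apps page; this shows how a “Calendar” that is not really “Calendar” can be told apart programmatically.

```python
import unicodedata

# Scopes that let an app act as the user rather than only read. Names follow
# X's API v2 OAuth 2.0 scope naming; the selection is this example's assumption.
WRITE_SCOPES = {
    "tweet.write", "follows.write", "users.write", "dm.write",
    "block.write", "mute.write", "list.write", "like.write",
}

# Constructed sample records, shaped like what a user sees on the connected
# apps page. None of these are real apps from the article.
SAMPLE_APPS = [
    {"name": "Calendar", "scopes": ["tweet.read", "users.read"]},
    # Zero-width space inside the name: renders as "Calendar" but is a different string.
    {"name": "Calen\u200bdar",
     "scopes": ["tweet.read", "tweet.write", "follows.write", "users.read", "offline.access"]},
    # Cyrillic small letter a (U+0430) in place of Latin "a".
    {"name": "C\u0430lendar", "scopes": ["tweet.write"]},
]


def find_suspicious_chars(name):
    """Return (index, char, reason) for every character that can make one name
    impersonate another: invisible format/control code points, combining marks,
    and non-Latin letters mixed into a name that also contains ASCII letters."""
    has_ascii_letters = any(c.isascii() and c.isalpha() for c in name)
    findings = []
    for i, ch in enumerate(name):
        cat = unicodedata.category(ch)
        if cat in ("Cf", "Cc", "Co", "Cn"):
            findings.append((i, ch, f"invisible code point U+{ord(ch):04X}"))
        elif cat.startswith("M"):
            findings.append((i, ch, f"combining mark U+{ord(ch):04X}"))
        elif has_ascii_letters and ch.isalpha() and ord(ch) > 0x7F:
            script = unicodedata.name(ch, "UNKNOWN").split()[0]
            if script != "LATIN":
                findings.append((i, ch, f"{script} letter U+{ord(ch):04X} in a Latin name"))
    return findings


def display_form(name):
    """The string a person perceives: format/control characters dropped and
    compatibility forms folded with NFKC."""
    stripped = "".join(ch for ch in name if unicodedata.category(ch) not in ("Cf", "Cc"))
    return unicodedata.normalize("NFKC", stripped)


def assess_app(app, expected_name="Calendar"):
    """Return a list of human-readable reasons to distrust this app record
    (empty list means nothing was flagged)."""
    reasons = []
    name = app["name"]
    chars = find_suspicious_chars(name)
    if chars:
        reasons.append("name contains hidden or look-alike characters: "
                       + ", ".join(reason for _, _, reason in chars))
    if display_form(name) == expected_name and name != expected_name:
        reasons.append(f"renders as {expected_name!r} but is not that exact string")
    write = sorted(set(app["scopes"]) & WRITE_SCOPES)
    if write:
        reasons.append("requests write access: " + ", ".join(write))
    return reasons


def audit(apps):
    """Return [(name, reasons)] for every app record that was flagged."""
    flagged = []
    for app in apps:
        reasons = assess_app(app)
        if reasons:
            flagged.append((app["name"], reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_APPS):
        # Escape the name so hidden characters become visible in the output.
        print(f"{name.encode('unicode_escape').decode()}:")
        for reason in reasons:
            print(f"  - {reason}")
```

The first record, a plain “Calendar” with read-only scopes, passes; the other two are flagged. Printing the name through `unicode_escape` is deliberate: it is the only way the zero-width space and the Cyrillic letter become visible in a terminal, which is exactly why they work on a consent screen.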
Source: cointelegraph.com