Fake Goblin Town Twitter account. It lures potential victims by tagging them, and posted a Linktree link to initially hide the malicious domain.
Due to a misconfiguration, an open directory can be accessed via the domain, which allows the drainer kit to be downloaded: /goblin-towm.wtf/goblintownz.zip
The kit uses Zapper_fi API auth:
Basic Y2YwYTQzNDItNjNmOS00NjBjLTkzNTAtMWUxNTIyZTRhMmUxOg==
API key (the Base64-decoded value above, minus the trailing colon): cf0a4342-63f9-460c-9350-1e1522e4a2e1
RPC infura_io: /mainnet.infura.io/v3/8d15dd68b697464abf8c45cf43410c03
Telegram bot:
5572877848:AAHFiKjDTbpBuBOPxSN85ZHCV9u1iysUc28
Malicious actor:
chat id: 5481659179
username: xxxxboss
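
For triaging a recovered kit like this one, the following added example (not code from the kit or from the original notes) scans script text for the three kinds of hardcoded secrets listed above and decodes any Basic auth value to the API key it carries. The regular expressions are assumptions based on the formats of the values shown here, and the sample script is constructed with placeholder values.

```python
import base64
import binascii
import re

# Assumed patterns, modelled on the value formats listed in the notes above.
PATTERNS = {
    "telegram_bot_token": re.compile(
        r"(?<![0-9A-Za-z])(\d{8,10}:[A-Za-z0-9_-]{35})(?![A-Za-z0-9_-])"),
    "infura_project_id": re.compile(r"infura\.io/v3/([0-9a-f]{32})"),
    "http_basic_auth": re.compile(r"Basic\s+([A-Za-z0-9+/]{8,}={0,2})"),
}

def decode_basic(value):
    """Return the decoded 'user:password' string, or None if not valid Base64 text."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None

def extract_indicators(text):
    """Scan kit source text and return a sorted list of (kind, value) findings."""
    findings = set()
    for kind, pattern in PATTERNS.items():
        for match in pattern.finditer(text):
            value = match.group(1)
            if kind == "http_basic_auth":
                decoded = decode_basic(value)
                if decoded is None or ":" not in decoded:
                    continue  # not a usable Basic credential
                value = decoded.split(":", 1)[0]  # the API key is the username part
            findings.add((kind, value))
    return sorted(findings)

# Constructed sample resembling a drainer script; every value is a placeholder.
SAMPLE_KEY = "00000000-0000-0000-0000-000000000000"
SAMPLE_JS = f"""
const headers = {{ Authorization: "Basic {base64.b64encode((SAMPLE_KEY + ':').encode()).decode()}" }};
const rpc = "https://mainnet.infura.io/v3/0123456789abcdef0123456789abcdef";
const bot = "1234567890:{'A' * 35}";
const chatId = "1111111111";
"""

if __name__ == "__main__":
    for kind, value in extract_indicators(SAMPLE_JS):
        print(f"{kind}: {value}")
```

Extracted keys and tokens can then be reported to the respective providers for revocation.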