More threat actors have been utilizing the Russian automated account creation tool Kopeechka to facilitate cybersecurity scams and fraud, according to The Record, a news site by cybersecurity firm Recorded Future.
Kopeechka, which enables accelerated mass creation of fake social media accounts while evading email and phone verification processes, has been leveraged in a widespread cryptocurrency scam campaign in Mastodon, as well as malicious campaigns in Facebook, X, Telegram, Discord, and Roblox, a report from Trend Micro showed.
Aside from being given access to emails from various social media platforms, attackers using the service have also been provided access to various mostly Russia-based online SMS services to create hundreds of fraudulent accounts within seconds.
"We believe that the long-established reputation of Kopeechka plays a role in its popularity with cybercriminals: Malicious actors appear to believe that a product or service is more reliable because of it," said Trend Micro researchers.