Russian hacking tool floods social networks with bots, researchers say

Low-skill cybercriminals are using a new tool to create hundreds of fake social media accounts in just a few seconds, researchers have discovered.

Called Kopeechka (“penny” in Russian), the service helps to bypass two main “hurdles” for someone trying to create a fake account — email and phone verification.

Cybercriminals could use Kopeechka to carry out misinformation, spamming, and malware promotion campaigns, according to researchers at the cybersecurity firm Trend Micro who analyzed the tool.

For example, the service was used to mass-register accounts on the social media platform Mastodon for conducting large-scale spam campaigns that promoted fraudulent cryptocurrency investment platforms.

The company did not immediately respond to a request for comment.

Social media giants like Instagram, Facebook, and X (formerly Twitter) have long worked to minimize the mass registration of fake accounts, also known as bots, as they are often used by hackers in their illegal activities.

Basic anti-bot measures, like email address and phone number validation, the use of non-suspicious IP addresses, and CAPTCHA – a puzzle on a website designed to confirm that it's being used by a real person rather than a computer program, are deterrents.

Cybercriminals can bypass CAPTCHAs and IP address reputation checks using automated scripts, but obtaining unique email addresses and phone numbers can be more challenging. That’s when they turn to services like Kopeechka.

How it works

The service has been active since the beginning of 2019 and offers its customers both a web interface and an API.

In addition to major social media platforms like Facebook and X, cybercriminals have used Kopeechka's API to register accounts on Discord, Telegram and Roblox.

Researchers have also discovered a Python script through Kopeechka that could be used to create accounts on Virus Total, an online service that scans computer files for viruses, implying that some users might be registering these accounts for testing malware detection.

Kopeechka provides users with access to emails received from social media platforms. It does not hand over the mailbox account itself, as it is controlled by Kopeechka, not by a third-party user.

Kopeechka has various email accounts in stock, including with Hotmail, Outlook, Gmail, and Mail.ru. The service allows the use of a single email address for multiple registrations on different social media platforms.

Researchers suspect that these email addresses are either compromised or created by Kopeechka actors themselves.

To verify users’ phone numbers during the account registration, Kopeechka offers access to 16 different online SMS services, mostly originating from Russia.

“All these processes can be fully automated, which could allow cybercriminals to create potentially hundreds of accounts or more in just a few seconds, as long as they have enough money in their Kopeechka account,” the researchers said.

According to researchers, the tool is not necessarily illegal, but it facilitates cybercrime operations among lower-skilled criminals.

“We believe that the long-established reputation of Kopeechka plays a role in its popularity with cybercriminals: Malicious actors appear to believe that a product or service is more reliable because of it,” Trend Micro said.