Russian hacking tool floods social networks with bots, researchers say


Low-skill cybercriminals are using a new tool to create hundreds of fake social media accounts in just a few seconds, researchers have discovered.

Called Kopeechka (“penny” in Russian), the service helps to bypass two main “hurdles” for someone trying to create a fake account — email and phone verification.

Cybercriminals could use Kopeechka to carry out misinformation, spamming, and malware promotion campaigns, according to researchers at the cybersecurity firm Trend Micro who analyzed the tool.

For example, the service was used to mass-register accounts on the social media platform Mastodon for conducting large-scale spam campaigns that promoted fraudulent cryptocurrency investment platforms.

The company did not immediately respond to a request for comment.

Social media giants like Instagram, Facebook, and X (formerly Twitter) have long worked to minimize the mass registration of fake accounts, also known as bots, as they are often used by hackers in their illegal activities.

Basic anti-bot measures, like email address and phone number validation, the use of non-suspicious IP addresses, and CAPTCHA – a puzzle on a website designed to confirm that it’s being used by a real person rather than a computer program, are deterrents.

Cybercriminals can bypass CAPTCHAs and IP address reputation checks using automated scripts, but obtaining unique email addresses and phone numbers can be more challenging. That’s when they turn to services like Kopeechka.

How it works

The service has been active since the beginning of 2019 and offers its customers both a web interface and an API.

In addition to major social media platforms like Facebook and X, cybercriminals have used Kopeechka’s API to register accounts on Discord, Telegram and Roblox.

Researchers have also discovered a Python script through Kopeechka that could be used to create accounts on Virus Total, an online service that scans computer files for viruses, implying that some users might be registering these accounts for testing malware detection.

Kopeechka provides users with access to emails received from social media platforms. It does not hand over the mailbox account itself, as it is controlled by Kopeechka, not by a third-party user.

Kopeechka has various email accounts in stock, including with Hotmail, Outlook, Gmail, and The service allows the use of a single email address for multiple registrations on different social media platforms.

Researchers suspect that these email addresses are either compromised or created by Kopeechka actors themselves.

To verify users’ phone numbers during the account registration, Kopeechka offers access to 16 different online SMS services, mostly originating from Russia.

“All these processes can be fully automated, which could allow cybercriminals to create potentially hundreds of accounts or more in just a few seconds, as long as they have enough money in their Kopeechka account,” the researchers said.

According to researchers, the tool is not necessarily illegal, but it facilitates cybercrime operations among lower-skilled criminals.

“We believe that the long-established reputation of Kopeechka plays a role in its popularity with cybercriminals: Malicious actors appear to believe that a product or service is more reliable because of it,” Trend Micro said.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

Daryna Antoniuk
is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Russian hacking tool floods social networks with bots, researchers say

Next Post

Toronto Public Library facing disruptions due to cyberattack

Related Posts

What is Nudge Security and How Does it Work?

In today’s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to productivity and innovation in the digital enterprise, it has upended traditional approaches to IT security and governance. Nudge Security is the world’s first and only solution to address
Omega Balla
Read More

DarkGate Malware Exploits Recently Patched Microsoft Flaw in Zero-Day Attack

A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers. “During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that led unsuspecting victims to compromised sites hosting the Microsoft Windows SmartScreen bypass
Read More

Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws

Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Another group linked to the exploitation spree is UNC3886. The Google Cloud
Read More