Russian hacking tool floods social networks with bots, researchers say


Low-skill cybercriminals are using a new tool to create hundreds of fake social media accounts in just a few seconds, researchers have discovered.

Called Kopeechka (“penny” in Russian), the service helps to bypass two main “hurdles” for someone trying to create a fake account — email and phone verification.

Cybercriminals could use Kopeechka to carry out misinformation, spamming, and malware promotion campaigns, according to researchers at the cybersecurity firm Trend Micro who analyzed the tool.

For example, the service was used to mass-register accounts on the social media platform Mastodon for conducting large-scale spam campaigns that promoted fraudulent cryptocurrency investment platforms.

The company did not immediately respond to a request for comment.

Social media giants like Instagram, Facebook, and X (formerly Twitter) have long worked to minimize the mass registration of fake accounts, also known as bots, as they are often used by hackers in their illegal activities.

Basic anti-bot measures, like email address and phone number validation, the use of non-suspicious IP addresses, and CAPTCHA – a puzzle on a website designed to confirm that it’s being used by a real person rather than a computer program, are deterrents.

Cybercriminals can bypass CAPTCHAs and IP address reputation checks using automated scripts, but obtaining unique email addresses and phone numbers can be more challenging. That’s when they turn to services like Kopeechka.

How it works

The service has been active since the beginning of 2019 and offers its customers both a web interface and an API.

In addition to major social media platforms like Facebook and X, cybercriminals have used Kopeechka’s API to register accounts on Discord, Telegram and Roblox.

Researchers have also discovered a Python script through Kopeechka that could be used to create accounts on Virus Total, an online service that scans computer files for viruses, implying that some users might be registering these accounts for testing malware detection.

Kopeechka provides users with access to emails received from social media platforms. It does not hand over the mailbox account itself, as it is controlled by Kopeechka, not by a third-party user.

Kopeechka has various email accounts in stock, including with Hotmail, Outlook, Gmail, and The service allows the use of a single email address for multiple registrations on different social media platforms.

Researchers suspect that these email addresses are either compromised or created by Kopeechka actors themselves.

To verify users’ phone numbers during the account registration, Kopeechka offers access to 16 different online SMS services, mostly originating from Russia.

“All these processes can be fully automated, which could allow cybercriminals to create potentially hundreds of accounts or more in just a few seconds, as long as they have enough money in their Kopeechka account,” the researchers said.

According to researchers, the tool is not necessarily illegal, but it facilitates cybercrime operations among lower-skilled criminals.

“We believe that the long-established reputation of Kopeechka plays a role in its popularity with cybercriminals: Malicious actors appear to believe that a product or service is more reliable because of it,” Trend Micro said.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

Daryna Antoniuk
is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Judge tosses Khashoggi widow’s lawsuit against NSO Group

Next Post

Russian hacking tool floods social networks with bots, researchers say

Related Posts

Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers

Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses compromised WordPress sites as relays for its actual command-and-control (C2) servers for detection evasion. The malware, codenamed Wpeeper, is an ELF binary that leverages the HTTPS protocol to secure its C2 communications. "Wpeeper is a typical backdoor Trojan for Android
Read More