Cybersecurity researchers are calling attention to the “democratization” of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230. “This messaging app has transformed into a bustling hub where seasoned cybercriminals and newcomers alike exchange illicit tools and […]
More details have emerged about a malicious Telegram bot called Telekopye that’s used by threat actors to pull off large-scale phishing scams. “Telekopye can craft phishing websites, emails, SMS messages, and more,” ESET security researcher Radek Jizba said in a new analysis. The threat actors behind the operation – codenamed Neanderthals – are known to […]
Spyware masquerading as modified versions of Telegram have been spotted in the Google Play Store that’s designed to harvest sensitive information from compromised Android devices. According to Kaspersky security researcher Igor Golovin, the apps come with nefarious features to capture and exfiltrate names, user IDs, contacts, phone numbers, and chat messages to an actor-controlled server. […]
Cybersecurity researchers have discovered malicious Android apps for Signal and Telegram distributed via the Google Play Store and Samsung Galaxy Store that are engineered to deliver the BadBazaar spyware on infected devices. Slovakian company ESET attributed the campaign to a China-linked actor called GREF. “Most likely active since July 2020 and since July 2022, respectively, […]
A new financially motivated operation is leveraging a malicious Telegram bot to help threat actors scam their victims. Dubbed Telekopye, a portmanteau of Telegram and kopye (meaning “spear” in Russian), the toolkit functions as an automated means to create a phishing web page from a premade template and send the URL to potential victims, codenamed […]
The information of hundreds of thousands of Indians who received the COVID vaccination was exposed in a significant data breach and posted on a Telegram channel. The Fourth News, a Malayalam news portal, said that a Telegram bot on the channel “hak4learn” was providing access to the private information of millions of Indians. As mentioned […]
Numerous updates and alterations were witnessed in the major malware families employed in phishing scams during the first quarter of 2023, alongside significant variations in TTPs. The Cofense Intelligence team has recently published Active Threat Reports, which provide insights into the latest malicious email threats. At the same time, all these reports are based on […]
A novel credential-stealing malware called Zaraza bot is being offered for sale on Telegram while also using the popular messaging service as a command-and-control (C2). “Zaraza bot targets a large number of web browsers and is being actively distributed on a Russian Telegram hacker channel popular with threat actors,” cybersecurity company Uptycs said in a […]
An emerging Python-based credential harvester and a hacking tool named Legion is being marketed via Telegram as a way for threat actors to break into various online services for further exploitation. Legion, according to Cado Labs, includes modules to enumerate vulnerable SMTP servers, conduct remote code execution (RCE) attacks, exploit unpatched versions of Apache, and […]
Telegram is becoming an increasingly popular platform for users as well as cyber-criminals. It has become a Mini Dark-web since 2021 when cyber threat actors have been using them. The services these threat actors offer vary from Automation of Phishing, selling Phishers kits, and setting up a custom phishing campaign for everyone willing to pay. […]
Copycat websites for instant messaging apps like Telegram and WhatApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware. “All of them are after victims’ cryptocurrency funds, with several targeting cryptocurrency wallets,” ESET researchers Lukáš Štefanko and Peter Strýček said in a new analysis. While the first […]
The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country. “The Gamaredon group’s network infrastructure relies on multi-stage Telegram accounts for victim profiling and confirmation of geographic location, and then […]
The advanced persistent threat (APT) group known as StrongPity has targeted Android users with a trojanized version of the Telegram app through a fake website that impersonates a video chat service called Shagle. “A copycat website, mimicking the Shagle service, is used to distribute StrongPity’s mobile backdoor app,” ESET malware researcher Lukáš Štefanko said in […]
This weekend, vpnMentor researchers identified in Telegram 4 storage files with a total of 8.7 GB of information belonging to customers of MGM Resorts International, a hotel and entertainment company. Although the exact number of people affected has not been confirmed, specialists estimate that the leak is made up of at least 30 million individual […]
An unidentified threat actor has been linked to an actively in-development malware toolkit called the “Eternity Project” that lets professional and amateur cybercriminals buy stealers, clippers, worms, miners, ransomware, and a distributed denial-of-service (DDoS) bot. What makes this malware-as-a-service (MaaS) stand out is that besides using a Telegram channel to communicate updates about the latest […]
The database containing 10GB worth of user information of three VPN services such as ChatVPN, SuperVPN, and GeckoVPN was leaked in the Telegram Groups. On May 7th, 2022, the data of 21 million users was leaked, exposing the personal details and login credentials of the users. The Data Breach: Telegram uses encryption and offers its […]
An Iranian geopolitical nexus threat actor has been uncovered deploying two new targeted malware that come with “simple” backdoor functionalities as part of an intrusion against an unnamed Middle East government entity in November 2021. Cybersecurity company Mandiant attributed the attack to an uncategorized cluster it’s tracking under the moniker UNC3313, which it assesses with […]
After steady research, it has been discovered that there are fake Telegram installers online with malicious intent. By distributing a malicious downloader alongside the actual Telegram for the desktop installer, the Purple Fox rootkit is widely spread. Through joint efforts between Minerva Labs, a cybersecurity team, and MalwareHunterTeam, some shocking discoveries were made. In a […]
The cybersecurity experts at Trend Micro have found a very suspicious activity of Purple Fox operators. This Purple Fox malware installs further malicious payloads on all the devices that are already infected or compromised. The threat actors have noticed that the attacks generally take advantage of legitimate software for implementing malicious payloads. The vulnerability has […]
Trojanized installers of the Telegram messaging application are being used to distribute the Windows-based Purple Fox backdoor on compromised systems. That’s according to new research published by Minerva Labs, describing the attack as different from intrusions that typically take advantage of legitimate software for dropping malicious payloads. “This threat actor was able to leave most […]
We all know that social media platforms and instant messaging services are really unfriendly to the privacy of their users, although we are not always clear about how this invasion of our confidential information occurs. However, thanks to the work of Mallory Knodel and the Center for Democracy and Technology, it was possible to know […]