New Telegram Bot “Telekopye” Powering Large-scale Phishing Scams from Russia
About:
Telekopye is a Telegram bot that can be used to send mass messages and collect data from users. It is believed to be used by Russian cybercriminals to send phishing messages to potential victims. Telekopye is a serious threat, and it is important to be aware of it. If you receive a message from an unknown sender, be careful about clicking on any links in it.
What happened?
Telekopye is a phishing toolkit that was first created in 2015. It is designed to help cybercriminals create and send phishing emails, SMS messages, and other malicious content. Telekopye is used by a variety of cybercriminals, including those in Russia. In 2023, ESET researchers found that Telekopye was being used to power large-scale phishing scams targeting online shoppers in Russia. The scammers would send phishing emails that appeared to be from legitimate online retailers, such as eBay and Amazon.
How did it happen?
- The scammers would first create a fake website that looked like the real website of a legitimate online retailer.
- They would then register a domain name that was similar to the domain name of the legitimate website.
- For example, if the legitimate website was www.ebay.com, the scammers might register a domain name like www.ebay.ru.
- The scammers would then use the Telekopye Telegram bot to send phishing emails to potential victims.
- The emails would appear to be from the legitimate online retailer, and they would contain a link to the fake website.
- When the victim clicked on the link, they would be taken to the fake website.
- The fake website would look like the real website, and it would ask the victim to enter their personal information, such as their username, password, and credit card number.
- Once the victim entered their personal information, the scammers would steal it.
- The exact origins of the threat actors, dubbed Neanderthals, are unclear, but evidence points to Russia as the country of origin of the toolkit’s authors and users, owing to the use of Russian SMS templates and the fact that a majority of the targeted online marketplaces are popular in the country.
The Telekopye Telegram bot is being used to target a variety of victims, including:
Online shoppers, bank customers, government employees, business people, and anyone who uses social media.
How has the Telekopye Telegram bot been used in phishing scams?
In 2023, ESET researchers found that Telekopye was being used to target online shoppers in Russia. The scammers would send phishing emails that appeared to be from legitimate online retailers, such as eBay and Amazon. The emails would contain a link that, when clicked, would take the victim to a fake website that looked like the real website of the retailer. The victim would then be asked to enter their personal information, such as their username, password, and credit card number. This information would then be stolen by the scammers.
In 2022, a group of cybercriminals used Telekopye to target bank customers in Russia. The scammers would send phishing emails that appeared to be from the victim’s bank. The emails would contain a link that, when clicked, would take the victim to a fake website that looked like the real website of the bank. The victim would then be asked to enter their personal information, such as their username, password, and credit card number. This information would then be stolen by the scammers.
In 2021, a group of cybercriminals used Telekopye to target government employees in Russia. The scammers would send phishing emails that appeared to be from the victim’s government agency. The emails would contain a link that, when clicked, would take the victim to a fake website that looked like the real website of the agency. The victim would then be asked to enter their personal information, such as their username, password, and social security number. This information would then be stolen by the scammers.
Remediation:
- Be suspicious of any unsolicited emails or messages, especially those that ask for personal information.
- Do not click on links in emails or messages from senders you do not know.
- Instead, type the URL of the website you want to visit into your browser.
- Be careful about what information you share online.
- Use a strong password and enable two-factor authentication on your accounts.
- Keep your software up to date.
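
The lookalike-domain step described under "How did it happen?" (a domain that reuses the retailer's name outside its real domain) can be checked mechanically before a link is opened. The following Python sketch is an added example, not code from ESET or from this article's sources; the allowlist, the function names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the defender maintains this allowlist of brand -> official domains.
OFFICIAL = {"ebay": {"ebay.com"}, "amazon": {"amazon.com"}}

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Naive last-two-labels split; production code should use the Public Suffix List."""
    return ".".join(host.rstrip(".").split(".")[-2:])

def classify(url):
    """Return 'official', 'unknown', or a 'lookalike: ...' reason for a link."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    try:
        host = host.encode("idna").decode("ascii")  # normalise IDN hosts to punycode
    except UnicodeError:
        return "lookalike: malformed hostname"
    if any(registrable(host) in domains for domains in OFFICIAL.values()):
        return "official"
    for brand in OFFICIAL:
        for label in host.split("."):
            # Brand name reused as a label or hyphenated part, e.g. ebay.ru
            if label == brand or brand in label.split("-"):
                return f"lookalike: brand '{brand}' outside its official domain"
            # One-character typo or substitution, e.g. amaz0n
            if edit_distance(label, brand) == 1:
                return f"lookalike: '{label}' is one edit from '{brand}'"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links; ebay.ru mirrors the example given in the text.
    for link in ("https://www.ebay.com/itm/1", "https://www.ebay.ru/itm/1",
                 "http://amaz0n.com/login", "https://example.org/"):
        print(f"{link:32} {classify(link)}")
```

A result of "unknown" only means the host does not resemble a listed brand; it is not a verdict that the link is safe.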