New Telegram Bot “Telekopye” Powering Large-scale Phishing Scams from Russia

September 11, 2023

About:

Telekopye is a Telegram bot that can be used to send mass messages and collect data from users. It is believed to be used by Russian cybercriminals to send phishing messages to potential victims. Telekopye is a serious threat, and it is important to be aware of it. If a message is received from any unknown, be careful about clicking on any links in the message.

What happened?

It is a phishing toolkit that was first created in 2015. It is designed to help cybercriminals create and send phishing emails, SMS messages, and other malicious content. Telekopye is used by a variety of cybercriminals, including those in Russia. In 2023, ESET researchers found that Telekopye was being used to power large-scale phishing scams targeting online shoppers in Russia. The scammers would send phishing emails that appeared to be from legitimate online retailers, such as eBay and Amazon.

How it happened?

The scammers would first create a fake website that looked like the real website of a legitimate online retailer.
They would then register a domain name that was similar to the domain name of the legitimate website.
For example, if the legitimate website was www.ebay.com, the scammers might register a domain name like www.ebay.ru.
The scammers would then use the Telekopye Telegram bot to send phishing emails to potential victims.
The emails would appear to be from the legitimate online retailer, and they would contain a link to the fake website.
When the victim clicked on the link, they would be taken to the fake website.
The fake website would look like the real website, and it would ask the victim to enter their personal information, such as their username, password, and credit card number.
Once the victim entered their personal information, the scammers would steal it.
The exact origins of the threat actors, dubbed Neanderthals, are unclear, but evidence points to Russia as the country of origin of the toolkit’s authors and users, owing to the use of Russian SMS templates and the fact that a majority of the targeted online marketplaces are popular in the country.

The Telekopye Telegram bot is being used to target a variety of victims, including:

Online shoppers ,Bank customers , Government employees , Business people and anyone who uses social media

How the Telekopye Telegram bot has been used in phishing scams?

In 2023, ESET researchers found that Telekopye was being used to target online shoppers in Russia. The scammers would send phishing emails that appeared to be from legitimate online retailers, such as eBay and Amazon. The emails would contain a link that, when clicked, would take the victim to a fake website that looked like the real website of the retailer. The victim would then be asked to enter their personal information, such as their username, password, and credit card number. This information would then be stolen by the scammers.

In 2022, a group of cybercriminals used Telekopye to target bank customers in Russia. The scammers would send phishing emails that appeared to be from the victim’s bank. The emails would contain a link that, when clicked, would take the victim to a fake website that looked like the real website of the bank. The victim would then be asked to enter their personal information, such as their username, password, and credit card number. This information would then be stolen by the scammers.

In 2021, a group of cybercriminals used Telekopye to target government employees in Russia. The scammers would send phishing emails that appeared to be from the victim’s government agency. The emails would contain a link that, when clicked, would take the victim to a fake website that looked like the real website of the agency. The victim would then be asked to enter their personal information, such as their username, password, and social security number. This information would then be stolen by the scammers.

Remediation:

Be suspicious of any unsolicited emails or messages, especially those that ask for personal information.
Do not click on links in emails or messages from senders you do not know.
Instead, type the URL of the website you want to visit into your browser.
Be careful about what information you share online.
Use a strong password and enable two-factor authentication on your accounts.
Keep your software up to date.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

New Telegram Bot “Telekopye” Powering Large-scale Phishing Scams from Russia

Security Team

Related Posts

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign

Our Offices

Corporate Office (HO):

UK Office:

Registered Office (Delhi):

Noida Office:

Phone:

Email

Click To Download

Download CyberSRC Services & Portfolio & Datasheets

Download Case Studies

Download Company Brochure