Thursday, November 14, 2024
HomeBotnetA New Telekopye Bots That Tricks Users to Steal Payment Details

A New Telekopye Bots That Tricks Users to Steal Payment Details

Published on

Malware protection

Phishing bots are a tool used by hackers to fool people into disclosing private information such as-

  • Login credentials
  • Financial details

With the help of these automated tools, threat actors easily create deceptive, harmful emails and websites, which makes it easier for them to take advantage of vulnerabilities and access accounts or systems without authorization.

Cybersecurity researchers at ESET recently unveiled Telekopye bots that trick users into stealing payment details.

- Advertisement - SIEM as a Service

New Telekopye Bots

Telekopye is a Telegram bot, and in online marketplaces, this sophisticated bot helps threat actors scam people.

This bot enables its operator to craft several malicious things for illicit purposes, and we have mentioned below a few of them:-

  • Phishing websites
  • Emails
  • SMS messages
Table of contents from onboarding materials (Source – Welivesecurity)

For online scams, through ads in various channels, especially underground forums, Telekopye recruits Neanderthals.

Applicants answer basic questions, and approval by high-ranking members grants full access. Neanderthals must join a communication group and a separate channel for transaction logs.

Recruitment for a Telekopye scamming group (Source – Welivesecurity)

Besides this, there are two types of Neanderthal, and here we have mentioned them below:-

  • One contacts every Mammoth
  • The other one is  selective

Rivalry exists, as the cautious ones favor profit over reckless tactics for less public attention.

Scam prep varies by scenario. For Seller scams, Neanderthals should have extra item photos in case Mammoths ask. If using online pics, edit to avoid image searches. 

Document
Free Webinar

Live API Attack Simulation Webinar

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked. The session will cover: an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Meanwhile, for buyer scams, Neanderthals carefully choose mammoths based on gender, age, online experience, ratings, reviews, and trade history.

Neanderthals’ analysis of a typical buyer (Source – Welivesecurity)

In Buyer scams, Neanderthals target Mammoths based on item types—some skip electronics, others favor mobile devices.

Besides this, the manuals suggest items priced between:-

  • 1,000 to 30,000 rubles (€9.50 to €290 as of 20th October, 2023)

Neanderthals employ web scrapers to swiftly sift through online listings, targeting Mammoths for Buyer scams. They scrape marketplace data, focusing on ratings and experience, then use it to find susceptible targets.

Overcoming Mammoths’ preference for in-person transactions, Neanderthals persuade them to opt for online payment and delivery to a phishing site. They divert chats to less-monitored platforms, claiming inconvenience.

About 50% comply, and 20% fall for the scam, rendering a 10% success rate. Email or SMS delivery, using Telekopye for convincing phishing messages, is another favored method. Neanderthals use tricks to obtain Mammoths’ contact info without raising suspicion, avoiding red flags.

Telekopye skips AI for stealth, relying on Neanderthals’ communication expertise in scams. Delayed replies and adapting to Mammoth’s time zone create trust. 

Neanderthals share fake stories, weed out suspicious mammoths, and ensure payment in buyer scams. Language illusion involves Russian-speaking scammers with English proficiency.

However, the group implements strict rules to ensure anonymity, and here below, we have mentioned those:-

  • No info probing
  • VPNs
  • proxies
  • TOR use
  • Cryptocurrency preference

Researchers identified multiple groups operating Telekopye and affirmed that insights into Telekopye’s numerous groups offer valuable lessons to safeguard platform users.

Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Google Unveils New Intelligent, Real-Time Protections for Android Users

Google has once again raised the bar for mobile security by introducing two new...

Chinese National Faces 20 Years of Jail Time for Laundering Millions in Crypto

Daren Li, 41, a dual citizen of China and St. Kitts and Nevis, and...

Google to Issue CVEs for Critical Cloud Vulnerabilities

Google Cloud has announced a significant step forward in its commitment to transparency and...

GitLab Patches Critical Flaws Leads to Unauthorized Access to Kubernetes Cluster

GitLab has rolled out critical security updates to address multiple vulnerabilities in its Community...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Google Unveils New Intelligent, Real-Time Protections for Android Users

Google has once again raised the bar for mobile security by introducing two new...

Chinese National Faces 20 Years of Jail Time for Laundering Millions in Crypto

Daren Li, 41, a dual citizen of China and St. Kitts and Nevis, and...

Google to Issue CVEs for Critical Cloud Vulnerabilities

Google Cloud has announced a significant step forward in its commitment to transparency and...