Sunday, July 14, 2024

A New Telekopye Bots That Tricks Users to Steal Payment Details

Phishing bots are a tool used by hackers to fool people into disclosing private information such as-

  • Login credentials
  • Financial details

With the help of these automated tools, threat actors easily create deceptive, harmful emails and websites, which makes it easier for them to take advantage of vulnerabilities and access accounts or systems without authorization.

Cybersecurity researchers at ESET recently unveiled Telekopye bots that trick users into stealing payment details.

New Telekopye Bots

Telekopye is a Telegram bot, and in online marketplaces, this sophisticated bot helps threat actors scam people.

This bot enables its operator to craft several malicious things for illicit purposes, and we have mentioned below a few of them:-

  • Phishing websites
  • Emails
  • SMS messages
Table of contents from onboarding materials (Source – Welivesecurity)

For online scams, through ads in various channels, especially underground forums, Telekopye recruits Neanderthals.

Applicants answer basic questions, and approval by high-ranking members grants full access. Neanderthals must join a communication group and a separate channel for transaction logs.

Recruitment for a Telekopye scamming group (Source – Welivesecurity)

Besides this, there are two types of Neanderthal, and here we have mentioned them below:-

  • One contacts every Mammoth
  • The other one is  selective

Rivalry exists, as the cautious ones favor profit over reckless tactics for less public attention.

Scam prep varies by scenario. For Seller scams, Neanderthals should have extra item photos in case Mammoths ask. If using online pics, edit to avoid image searches. 

Free Webinar

Live API Attack Simulation Webinar

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked. The session will cover: an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Meanwhile, for buyer scams, Neanderthals carefully choose mammoths based on gender, age, online experience, ratings, reviews, and trade history.

Neanderthals’ analysis of a typical buyer (Source – Welivesecurity)

In Buyer scams, Neanderthals target Mammoths based on item types—some skip electronics, others favor mobile devices.

Besides this, the manuals suggest items priced between:-

  • 1,000 to 30,000 rubles (€9.50 to €290 as of 20th October, 2023)

Neanderthals employ web scrapers to swiftly sift through online listings, targeting Mammoths for Buyer scams. They scrape marketplace data, focusing on ratings and experience, then use it to find susceptible targets.

Overcoming Mammoths’ preference for in-person transactions, Neanderthals persuade them to opt for online payment and delivery to a phishing site. They divert chats to less-monitored platforms, claiming inconvenience.

About 50% comply, and 20% fall for the scam, rendering a 10% success rate. Email or SMS delivery, using Telekopye for convincing phishing messages, is another favored method. Neanderthals use tricks to obtain Mammoths’ contact info without raising suspicion, avoiding red flags.

Telekopye skips AI for stealth, relying on Neanderthals’ communication expertise in scams. Delayed replies and adapting to Mammoth’s time zone create trust. 

Neanderthals share fake stories, weed out suspicious mammoths, and ensure payment in buyer scams. Language illusion involves Russian-speaking scammers with English proficiency.

However, the group implements strict rules to ensure anonymity, and here below, we have mentioned those:-

  • No info probing
  • VPNs
  • proxies
  • TOR use
  • Cryptocurrency preference

Researchers identified multiple groups operating Telekopye and affirmed that insights into Telekopye’s numerous groups offer valuable lessons to safeguard platform users.

Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.


Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles