Attackers focused on phishing techniques are increasingly using Telegram to automate their activities and offer a variety of services.
The findings come from Kaspersky’s cybersecurity experts, who described the new trend in Wednesday’s advisory authored by web content analyst Olga Svistunova.
“To promote their ‘merchandise’, phishers create Telegram channels through which they educate viewers about phishing and entertain subscribers with polls,” Svistunova explains. “Links to the channel go viral via YouTube, GitHub, and the phishing her kits they create.”
Read more about mobile app-based attacks: Telegram, WhatsApp Trojans target cryptocurrency wallets
Many channels Kaspersky observed helped users automate routine malicious workflows such as generating phishing pages and collecting user data.
Technically speaking, the phishing kits presented as part of these campaigns were relatively primitive and typically included scripts to receive user credentials and forward them to bots. rice field. Still, Svistunova said these campaigns were effective.
“What are these fake pages that are easy to generate? Victims clicking links in messages that promise […] Get 1000 likes on TikTok and you’ll see a realistic login form. “
Kaspersky also noticed other Telegram channels used to sell online banking credentials.
“These have been checked and account balances have also been extracted,” reads the recommendation. “The higher your balance, the more money scammers typically charge for your credentials.”
Svistunova’s team also warned against Telegram channels promoting phishing-as-a-service activities.
“Scammers are using the Telegram channel to sell various subscriptions, including customer support,” she wrote.
“Support includes providing regular updates to links generated by phishing tools, detection prevention systems, and phishing kits.”
Despite the variety of techniques Fisher uses on Telegram, Kaspersky says there are easy ways to find them.
“Malicious sites generated by phishing bots are hosted on the same domain, share portions of HTML code, or both,” wrote Svistunova. “A total of 1483 attempts to access pages on that domain have been detected since the domain appeared.”
Kaspersky’s advisory comes nearly four months after Cofense reported an 800% increase in the use of Telegram bots as a phishing destination from 2021 to 2022.
Editorial image credit: rafapress / Shutterstock.com
