Telegram marketplaces fuel phishing attacks with easy-to-use kits and malware

Cybersecurity researchers are drawing attention to the “democratization” of the phishing ecosystem due to the rise of Telegram as an epicenter for cybercrime, allowing threat actors to mount a mass attack for as little as $230.

“This messaging app has transformed into a bustling hub where seasoned cybercriminals and new entrants exchange illicit tools and insights, creating a murky and well-oiled supply chain of victim tools and data,” Guardio Labs researchers Oleg Zaytsev and Nati Tal said in a new report.

“Free samples, tutorials, kits, and even hired hackers: everything it takes to set up a complete end-to-end malicious campaign.”

This isn’t the first time the popular messaging platform has come under scrutiny for facilitating malicious activity, driven in part by lenient moderation efforts.

As a result, what was previously only available on invite-only forums on the dark web is now easily accessible through public channels and groups, opening the doors of cybercrime to ambitious and inexperienced cybercriminals.

In April 2023, Kaspersky revealed how phishers are creating Telegram channels to educate novices about phishing, and how they are advertising bots that can automate the process of creating phishing pages to collect sensitive information such as login credentials.

One such malicious Telegram bot is Telekopye (also known as Classiscam), which can create fraudulent web pages, emails, and text messages to help threat actors conduct large-scale phishing attacks.

Guardio said the building blocks for setting up a phishing campaign can be easily purchased from Telegram – “some are offered at very low prices, and some even for free” – making it possible to set up scam pages through a phishing kit, host the page on a compromised WordPress website via a web shell, and use a backdoor mailer to send the emails.

Backdoor mailers, marketed by various Telegram groups, are PHP scripts that are injected into already infected but legitimate websites to send persuasive emails through the legitimate domain of the exploited website to bypass spam filters.

“This situation highlights a dual responsibility for site owners,” the researchers said. “They must not only protect their business interests, but also protect against the use of their platforms by scammers to host phishing schemes, send deceptive emails and conduct other illegal activities, all without their knowledge.”
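For site owners, the backdoor mailers and web shells described above leave files on disk that can be triaged. The following is an added example, not code from Guardio's report or from this article: a small scan of a WordPress web root whose three heuristics, reason labels and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns: assumptions chosen for this example, not signatures from the report.
MAIL_CALL = re.compile(rb"\bmail\s*\(", re.I)
REQUEST_INPUT = re.compile(rb"\$_(POST|GET|REQUEST|COOKIE)\b")
OBFUSCATION = re.compile(rb"\b(eval|assert)\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".phar"}

def scan_webroot(root):
    """Return {relative_path: [reasons]} for PHP files worth a manual review."""
    findings = {}
    root = Path(root)
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        data = path.read_bytes()
        rel = path.relative_to(root).as_posix()
        reasons = []
        # WordPress stores media under wp-content/uploads; executable PHP there is unexpected.
        if "wp-content/uploads/" in rel:
            reasons.append("php-in-uploads")
        # mail() fed directly from request parameters lets any caller send through the site.
        if MAIL_CALL.search(data) and REQUEST_INPUT.search(data):
            reasons.append("request-driven-mail")
        if OBFUSCATION.search(data):
            reasons.append("obfuscated-eval")
        if reasons:
            findings[rel] = reasons
    return findings

def build_sample_site(root):
    """Constructed sample tree: one benign theme file and two suspicious drops."""
    files = {
        "wp-content/themes/demo/functions.php": b"<?php add_action('init', 'demo_setup');",
        "wp-content/uploads/2024/01/cache.php": b"<?php mail($_POST['to'], $_POST['s'], $_POST['b']);",
        "wp-includes/class-feed-x.php": b"<?php eval(base64_decode($payload));",
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        for rel, reasons in scan_webroot(tmp).items():
            print(f"{rel}: {', '.join(reasons)}")
```

A hit is a prompt for manual review rather than proof of compromise, and a clean result does not rule one out; comparing core files against known-good checksums complements this kind of pattern scan.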

To further increase the chance of success of such campaigns, the digital marketplaces on Telegram also offer so-called ‘letters’. These are ‘expertly designed, branded templates’ that make the email messages appear as authentic as possible to trick victims into clicking the fake link pointing to the scam page.

Telegram also hosts bulk datasets of valid and relevant email addresses and phone numbers to target. Also called ‘leads’, they are sometimes ‘enriched’ with personal information such as names and physical addresses to maximize impact.

“These leads can be incredibly specific, tailored to each region, niche, demographic, specific business customers and more,” the researchers said. “Every piece of personal information contributes to the effectiveness and credibility of these attacks.”

The way these lead lists are created can vary from seller to seller. They can be obtained from cybercrime forums that sell data stolen from hacked companies, or from sketchy websites that encourage visitors to complete a fake survey to win prizes.

Another crucial part of these phishing campaigns is a way to monetize the collected stolen credentials by selling them in the form of ‘logs’ to other criminal groups, giving the threat actors a tenfold return on their investment, based on the number of victims who end up providing valid details on the scam page.

“Logins for social media accounts are sold for as little as a dollar, while bank accounts and credit cards can be sold for hundreds of dollars, depending on their validity and balances,” the researchers said.

“Unfortunately, anyone can launch a significant phishing operation with just a small investment, regardless of prior knowledge or connections in the criminal underworld.”
