Dangerous New Telegram Bot Automates Scamming



Wannabe scammers can now carry out attacks with no knowledge of IT or cyber by using this new and dangerous Telegram bot; the only skill needed is a “silver tongue to persuade their victims.” The bot is used to target buyers on online marketplaces and creates fake listings that disappear once the victim makes a purchase.

The tool is called Telekopye, which is a combination of the words “Telegram” and “kopye” (копье, the Russian word for spear).

ESET researchers have observed several versions of Telekopye, which suggests continuous development. The tool was uploaded to VirusTotal multiple times, primarily from Russia, Ukraine, and Uzbekistan, where the users usually operate. According to Cybernews, all versions allow the creation of phishing webpages and the sending of phishing emails and SMS messages, with some versions also able to store victims’ data (like credit card details and email addresses). Other features include creating QR codes, phishing screenshots, and image manipulation. The only notable feature it lacks is a chatbot AI functionality to help write messages.

Put simply, Telekopye’s core feature is creating phishing HTML web pages. Scammers need to specify the price, product name, and some additional information depending on the template.

The scammers do not transfer money stolen from victims to their own accounts and instead use a shared Telekopye account controlled by the Telekopye administrator. Telekopye keeps track of how successful each scammer is, according to ESET researchers.

The payment is then split into three parts. The first is the 5-40% commission to the Telekopye administrator. The second is a commission to the recommender, since Telekopye employs a referral system. Finally, the actual payout to the scammer is made using a tool called “BTC Exchange bot.”

As a rule of thumb, you should always be cautious when clicking on links in SMS messages or emails, even if they look as if they come from a reputable source, since malicious URLs are usually made to look like real links. This tool mimics different payment and bank login sites, credit card payment gateways, or payment pages of different websites, and despite not being perfect, the finished product is usually indistinguishable from the original legitimate website.