Thursday, November 30, 2023

Telekopye: Hunting Mammoths using Telegram bot

Telekopye is a malicious toolkit operating as a Telegram bot, designed to aid scammers in their fraudulent activities, particularly targeting online marketplaces. According to ESET researchers, the toolkit is used primarily, but not exclusively, in Russia. Telekopye's functionality centers on creating phishing web pages from premade templates, which are then used to deceive potential victims, whom the criminals refer to as "Mammoths".

The name Telekopye is a portmanteau of "Telegram" and "kopye," which means "spear" in Russian. This reflects its function as an automated tool for crafting phishing web pages. It employs these ready-made templates to replicate legitimate sites, thereby luring victims into entering their sensitive information, such as payment details. The emergence of Telekopye highlights an innovative approach in cybercriminal activities, leveraging popular messaging platforms like Telegram to conduct large-scale phishing scams.
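Because the phishing pages replicate legitimate marketplace and delivery sites, one defensive check is to flag web requests whose hostname carries a known brand as a subdomain label under a domain that brand does not own. The following is an added example, not code from ESET or from this post; the brand-to-domain map, the log format and the sample hosts are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: brand label -> registrable domains the brand really uses
# (illustrative and incomplete; maintain your own list).
BRANDS = {
    "avito": {"avito.ru"},
    "youla": {"youla.ru"},
    "kufar": {"kufar.by"},
    "cdek": {"cdek.ru"},
    "boxberry": {"boxberry.ru"},
    "olx": {"olx.ua", "olx.pl", "olx.kz"},
}

# Constructed proxy log lines: timestamp, client IP, method, URL.
SAMPLE_LOG = """\
2023-11-30T10:00:01Z 10.0.0.5 GET https://www.avito.ru/moskva
2023-11-30T10:00:07Z 10.0.0.9 GET https://avito.id0000.example/pay/81
2023-11-30T10:00:12Z 10.0.0.9 GET https://avito-rent.id0000.example/order
2023-11-30T10:00:15Z 10.0.0.7 GET https://m.olx.ua/list
2023-11-30T10:00:20Z 10.0.0.4 GET https://cdek.delivery-check.example/track
"""

def registrable(host):
    """Naive registrable domain: last two labels (use the Public Suffix List in production)."""
    return ".".join(host.split(".")[-2:])

def impersonated_brand(host):
    """Return the brand found in a subdomain label of a domain it does not own, else None."""
    host = host.lower().rstrip(".")
    reg = registrable(host)
    for label in host.split(".")[:-2]:
        for token in label.split("-"):  # also catches labels like "avito-rent"
            if token in BRANDS and reg not in BRANDS[token]:
                return token
    return None

def scan(log_text):
    """Return (client_ip, host, brand) for every request to a brand-lookalike host."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        host = urlsplit(fields[3]).hostname
        brand = impersonated_brand(host) if host else None
        if brand:
            hits.append((fields[1], host, brand))
    return hits
```

The check only inspects subdomain labels, so a brand embedded in the registrable domain itself needs a separate rule.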

REFERENCES

  • https://www.welivesecurity.com/en/eset-research/telekopye-hunting-mammoths-using-telegram-bot/
  • https://www.securitricks.com/telekopye-hunting-mammoths-using-telegram-bot-monday-november-27-2023/
  • https://otx.alienvault.com/pulse/6564d0af3b26263e9db591d9

TAGS

Telegram, Telekopye
