Endpoint/Device Security, Threat Intelligence

Novel Telegram bot leveraged in phishing operations

Malicious Telegram bot Telekopye has been leveraged by suspected Russian threat operation Neanderthals to create fraudulent links, web pages, and QR codes, as well as deliver SMS messages and convincing images in its phishing campaigns, The Hacker News reports. Attacks by Neanderthals involve luring victims into clicking a malicious link, which redirects them to a fake credit/debit card page that seeks their financial information to facilitate fund exfiltration efforts, an ESET report revealed. Meanwhile, stolen funds have been sent to the Telekopye admin's account, with Neanderthals receiving payouts after sending requests to the phishing toolkit. Researchers also found that Telekopye users and operators are highly organized, with roles ranging from blocked users to administrators. "The easiest way to tell whether you are being targeted by a Neanderthal trying to steal your money is by looking at the language used. Insist on in-person money and goods exchange whenever possible when dealing with secondhand goods on online marketplaces. Avoid sending money unless you are certain where it will go," said ESET researcher Radek Jizba.
