Researchers have discovered a new Telegram bot that allows hackers to commit fraud without needing to be particularly well versed in IT, a new report has said.
According to ESET Research, the new bot ‘Telekyope’ is used by scammers to target buyers of online marketplaces looking for discounts, as it allows the creation of fake listings for goods that they neither own nor intend to sell.
Once the victim pays, the listing vanishes.
“This toolkit is implemented as a Telegram bot that, when activated, provides several easy-to-navigate menus in the form of clickable buttons that can accommodate many scammers at once,” the researchers warned.
The Telekyope toolkit is formed by combining two words, ‘Telegram’ and ‘kopye’ (the Russian word for spear).
Telekopye generates and sends phishing emails and SMS messages based on predefined templates. Telekopye is intended to target online marketplaces, primarily but not exclusively in Russia, according to the report.
“Victims of this scam operation are called Mammoths by the scammers and several leads point to Russia as the country of origin of the toolkit’s authors and users. For the sake of clarity, and following the same logic, we will refer to the scammers using Telekopye as Neanderthals,” the researchers explained.
The new toolkit was uploaded to VirusTotal (a security firm) several times, mostly from Russia, Ukraine, and Uzbekistan, where “Neanderthals” typically operate.
All versions support the creation of phishing webpages, as well as the transmission of phishing emails and SMS. Some versions can also save data from victims, such as credit card numbers and email addresses.
Other features include QR code generation, phishing screenshots, and image manipulation. Telekopye does not include chatbot AI functionality to assist in message writing, the report mentioned.
The researchers advised users to exercise caution when clicking on links in SMS messages or emails, even if they appear to be from a trusted source. URLs are typically designed to resemble real links.