Telekopye Telegram Bot Empowers Cybercriminals in Orchestrating Large-Scale Phishing Schemes
A cybersecurity analysis has brought to light the activities of a Telegram bot known as Telekopye, used by threat actors, codenamed Neanderthals, to orchestrate large-scale phishing scams. ESET security researcher Radek Jizba delves into the functionality of Telekopye, explaining its capability to craft phishing websites, emails, SMS messages, and more. What adds a layer of sophistication to this malicious operation is the semblance of legitimacy it adopts, with Neanderthals running the criminal enterprise as if it were a genuine company.
Three scam types are described, each targeting victims referred to as Mammoths. In the seller scam, Neanderthals pose as sellers and entice unsuspecting Mammoths to purchase non-existent items. In buyer scams, Neanderthals masquerade as buyers to trick merchants (Mammoths) into divulging their financial details. The refund scam, a particularly insidious tactic, entails Neanderthals deceiving Mammoths under the guise of offering a refund, only to deduct the same amount of money again.
Notably, Singapore-based cybersecurity firm Group-IB has previously identified the activity tracked as Telekopye as the same as Classiscam, a scam-as-a-service program that has reportedly yielded criminal actors $64.5 million in illicit profits since its emergence in 2019.
Jizba sheds light on the meticulous preparation involved in these scams: Neanderthals are advised to edit photos to hinder reverse image searches and to follow a deliberate process when selecting Mammoths for buyer scams. This selection process considers factors such as gender, age, online marketplace experience, ratings, reviews, completed trades, and the type of items being sold. The level of preparation suggests a thorough market research phase.
These revelations come at a time when cybersecurity experts from Check Point detailed a rug pull scam that managed to pilfer nearly $1 million by enticing victims to invest in fake tokens. The scam involved executing simulated trades to create a facade of legitimacy before abruptly withdrawing liquidity from the token pool, leaving investors with empty hands and depleted funds. The coordinated efforts of cybercriminals in deploying such intricate and multi-faceted scams underscore the evolving challenges faced by the cybersecurity community in combating online threats.
Source: https://thehackernews.com/2023/11/cybercriminals-using-telekopye-telegram.html