Experts have discovered the spread of malware through bots in Telegram

A malware distribution scheme for attacking Android-based mobile devices using bots has been discovered in the Telegram messenger. Victims are encouraged to download modified popular games (mods) and applications. To promote them, the attackers create Telegram channels about Roblox, Minecraft and other popular children's games. Evgeny Egorov, a leading analyst at F6's Digital Risk Protection department, told Izvestia about this on April 16.

For example, the Roblox Mods channel (245,000 subscribers) offers to download mods for Roblox ("flight", "high jump", "walking through walls") and other games, as well as the TikTok application without restrictions and ads.

By clicking on the link, the user gets into a bot that requires subscribing to several Telegram channels, after which he provides access to the apk file. Malicious Android software (PC) is hidden in the link. It can steal bank data, logins, passwords, execute remote commands, and change device settings.

"On Telegram, you can find many game channels purporting to feature mods, bonuses, or the distribution of domestic currency. There are also channels that lead to hacked versions of crack games. <...> You can not only be disappointed that subscribing to channels did not bring the desired robux, but also compromise your smartphone by infecting it with malware," he said.

Who didn't hide: how scammers force children to leave home

Experts talked about ways to protect teenagers from criminals online

According to F6, about 570 thousand users opened the bot in a month. At the same time, he appears in advertisements in various Telegram channels about such games as, for example, Minecraft, Brawl Stars, Subway Surfers, Standoff 2. The file names change depending on which channel the user clicked through from.

F6 recommended downloading an application or game from the official website, purchasing game currency only on verified sites, and not clicking on suspicious links. The company called on parents to teach their children digital hygiene, for example, to explain that it is forbidden to communicate with strangers in messengers, click on suspicious links, and participate in questionable contests and free gift giveaways.

The company's Digital Risk Protection specialists provided Telegram technical support with information in order to block the bot.

On April 14, Egorov told Izvestia that the owners of popular Russian-language Telegram channels are one of the priority targets for fraud attacks. According to him, the interception of access to channel management allows cybercriminals to extort money for the return of the channel, spread fakes, requests for financial assistance and malicious links.