
Russians are facing a new wave of fake messengers: cybercriminals have changed tactics and, instead of offering "alternative Telegram builds", have begun promoting supposedly "secure resources of a new generation". According to experts, fraudsters have registered more than 13 thousand domains over the past three months to promote such services, and the number of such incidents has increased by 20%. Under the guise of secure and decentralized platforms, attackers distribute malicious software, remote access tools, and programs that steal user data.

A wave of fake messengers

The number of cases in which users fell victim to the fraudulent fake-messenger scheme increased by 20% in the first four months of the year compared to the same period in 2025, the Internet Search company reported. The attackers offer fake applications for download, passing them off as "secure messengers of the new generation." Once the infected software is installed, fraudsters gain access to users' personal data and can steal money if banking services and billing accounts are linked to the device. In addition, more than 200 new ads for the sale of such malicious builds appeared on the darknet during the year.

Limited access to familiar services and some users' distrust of new domestic platforms have increased interest in decentralized means of communication. Messengers that work without a central server or a single management company are being downloaded more actively in Russia, said Sergey Trukhachev, head of Smart Business Alert (SBA) at ESA PRO (part of Cross Technologies Group). According to him, in such services messages are transmitted directly between users or through a network of independent nodes. This provides a higher level of anonymity, resistance to blocking, and additional data protection.

A phone in a person's hands
Photo: IZVESTIA/Dmitry Korotaev

The expert noted that while such solutions were previously in demand mainly among users who pay special attention to the confidentiality of correspondence, interest in them is now widespread. Scammers are actively exploiting this.

"At the same time, the deception scheme is built not around fictional applications, but around real-world solutions. This significantly increases user confidence in phishing resources," Sergey Trukhachev emphasized.

He added that along with the allegedly secure messenger, the user can receive encryptors, keyloggers (programs that record all keystrokes and then transmit this information to fraudsters) and other malware that can collect data from the device unnoticed for years.

According to the expert, in April alone, the attackers registered more than 4.7 thousand domains associated with supposedly secure and decentralized messengers. Over the past three months, the number of such resources has reached approximately 13.6 thousand. On average, scammers create more than 150 similar sites every day.

Telegram
Photo: IZVESTIA/Dmitry Korotaev

A steady increase in the number of such attacks has been observed since about the middle of last year, said Igor Bederov, Chairman of the Coordinating Council of the non-governmental security sector of the Russian Federation, founder and owner of the Internet Search company.

"If earlier scammers promoted 'pure Telegram without censorship', now the rebranding to 'anonymous messenger' works like a magnet," he explained.

According to him, the attackers promote such applications through Telegram channels, search results and advertising on social networks. Trojans, hidden miners, and vulnerabilities may be found inside Android installation files.

"The most unpleasant thing is that a person voluntarily gives the application access to everything on the phone, believing that he is downloading a 'security benchmark'," said Igor Bederov.

Laptop
Photo: IZVESTIA/Alexander Kazakov

According to him, about 40% of such fake applications contain remote control modules that turn a user's smartphone into a botnet node for DDoS attacks or spam.

"Scammers actively use the topic of 'secure communication' as bait for users. Now the focus has shifted to supposedly new secure messengers that promise anonymity, resistance to blocking and confidentiality of correspondence," added Pavel Kovalenko, director of the anti-fraud center at Informzashita.

According to the company, in 62% of cases, malware is distributed through APK files for Android disguised as patches or optimization programs. Another 46% of attacks are carried out through messengers, bypassing official application distribution channels. In addition, in 2026, the share of incidents related to the modification or cloning of mobile applications reached 63%.

The development of artificial intelligence technologies has greatly simplified the creation of malicious versions of popular applications, said Nikolay Anisenya, head of development at PT MAZE and a representative of Positive Technologies. According to him, such attacks previously required complex reverse engineering and high technical qualifications, whereas now even attackers without serious training can create dangerous modifications.

Hacker
Photo: IZVESTIA/Sergey Konkov

Dmitry Kalinin, a cybersecurity expert at Kaspersky Lab, added that messengers have long been one of the key vectors of attacks on mobile devices. According to him, the attackers use both completely fake applications without real functionality and trojanized versions of real services. The Mamont banking Trojan, the SparkCat crypto stealer, and other malware were distributed under the guise of these resources.

Why businesses will have to strengthen cybersecurity

The problem of malicious modified applications began long before the current surge in interest in secure messengers, said Anton Bochkarev, CEO of information security companies 3side and 4sec.

According to him, the first major wave involved modified versions of TikTok, after access to new content was restricted for Russian users. Then similar schemes began to be used with Telegram and other popular services. Both ordinary users and corporate employees who do not comply with their company's basic information security requirements fall victim.

"Any application that becomes unavailable due to blocking or restrictions quickly turns into bait for intruders," the expert explained.

Code
Photo: IZVESTIA/Yulia Mayorova

He stressed that installing fake messengers and applications carries the risk of SMS code interception, circumvention of two-factor authentication, and theft of correspondence, contacts, and corporate information. The risks are particularly high for company employees who install unofficial software on work devices.

Russian business is still only forming a full-fledged cybersecurity culture, says Marianna Nechetova, Kaspersky Lab's Kaspersky Security Awareness expert.

According to her, constant interaction between HR and information security departments has been established in only 11% of companies, and 19% of organizations have no formally assigned specialist responsible for raising employee awareness of cybersecurity.

"It is important to move away from one-time measures and not only to train staff regularly, but also to convey to employees and managers the value of cyber hygiene training," she stressed.

Scammers
Photo: IZVESTIA/Yulia Mayorova

Tatiana Fomina, Director of Information Technology and Cybersecurity at hh.ru, believes that the development of an information security culture is becoming one of the key factors for business sustainability.

"When a person understands why they need to change their password regularly or use a second security factor, the rules cease to be perceived as a formality and become part of the corporate culture," the expert noted.

The experts interviewed believe that scammers quickly adapt to changes in the information agenda. In their opinion, users' interest in decentralized messengers will continue in the near future.

Translated by the Yandex Translate service
