It's Hard to Be a Bot: Scammers Have Started Using Telegram's New Feature to Steal Data
After automation of correspondence appeared in Telegram at the end of May, fraudsters began creating fake services and chatbots that, under the guise of assistants for working with messages, can steal user data. Attackers are interested not only in messenger accounts, but also in passwords for other services, crypto wallet data, and the contents of correspondence. Experts warn that the new scheme may affect thousands of users. How to protect personal information from attackers is covered in this Izvestia article.
Automation for scammers
At the end of May, Pavel Durov introduced the secretarial bot feature, which can be connected to personal messages in Telegram. The user decides which chats such an assistant will have access to and whether it will be able to respond on behalf of the account owner. Once configured, the bot can automatically sort messages, highlight urgent requests, prepare responses, process standard requests, and help keep up with correspondence.
While the new service opens up opportunities for businesses and ordinary users, it has also given fraudsters a pretext to spread malicious services and steal personal data. Igor Bederov, chairman of the Coordinating Council of the non-governmental security sector of the Russian Federation and founder of the Internet Search company, told Izvestia that there are already the first victims of schemes related to the automation of message processing.
"Our company records a steady shift in the interest of intruders towards legitimate Telegram tools, and the new mechanics of automating incoming messages have become a gift for them. We are witnessing a classic scheme of disguising malicious functionality as useful business tools, only now this is happening in a trusted messenger environment, where the user's vigilance is traditionally dulled," the expert noted.
Users are offered a bot for "smart" message sorting, auto-replies, or working with clients through a built-in CRM system. However, to activate the service, a person is asked to download additional software or log in through a third-party form.
"Under the guise of such auxiliary software, infostealers are distributed: programs that imperceptibly steal saved passwords, session tokens, cookies, and crypto wallet data. As a result, attackers gain access not only to correspondence, but also to banking applications, social media accounts and crypto exchanges," explained Igor Bederov.
As Sergey Trukhachev, head of the Smart Business Alert (SBA) service at EA PRO, told Izvestia, in the period from May 7 to May 27 alone, experts discovered about 20 bots that offered to automate chat responses and at the same time probably collected data from correspondence.
"Automation of correspondence using chatbots is a favorable ground for scammers. The information collected from the messages can be used for complex attacks using social engineering, as well as to replenish and update databases for so-called penetration."
An additional threat is that the user's interlocutors are often unaware of the bot's existence and believe that they are communicating with a real person.
"In fact, attackers have the opportunity to 'outsource' communication with potential victims to a bot. The user on the other side can fulfill his request: transfer money, click on the link or provide confidential information," explained Sergey Trukhachev.
According to the SBA, several thousand people may already have used potentially malicious automation services, while hundreds of users may have faced data leaks or financial losses. According to Igor Bederov, the total damage from such attacks in Russia alone may already exceed 10 million rubles.
Old schemes in new packaging
According to the experts interviewed, this is an adaptation of existing schemes to the new messenger feature.
"As soon as a tool related to access to messages, sessions, or APIs appears in Telegram, attackers almost immediately use it as an excuse to attack. In this case, the new function is presented as free automation of correspondence and communication management," said Pavel Kovalenko, director of the anti-fraud center at Informzashita.
According to him, the user usually faces one of two scenarios. In the first, the user is persuaded to send a confirmation code, a QR code, or data from an active Telegram session. In the second, the user is prompted to install a special client, module, or an extended version of the service.
"The first option more often leads to account hijacking, the second to infection of the device with a virus. The novelty here is precisely in the packaging: automation looks like a legitimate and useful scenario, so under this pretext it is easier to lure access to an account or convince a person to install a malicious file," the expert emphasized.
He also shares the opinion that tens of thousands of users may have already encountered such bots, while the number of actually compromised accounts may be in the thousands.
"Scammers traditionally adapt very quickly to any new features of popular platforms, especially when it comes to Telegram with its huge audience and high level of user trust in bots and mini-applications. We regularly receive complaints on the hotline of the regional society Center for Internet Technologies, including about fraud with fake chatbots," said Mikhail Shurygin, chairman of the ROCIT Commission on Cloud Technologies and Information Security.
According to the expert, today attackers are actively using AI and automation topics as the most attractive bait for users.
"People are offered free bots for sorting messages, answering machines, integrating with AI, or conducting correspondence. In practice, malware is distributed under the guise of such services. The main danger lies in the fact that many perceive Telegram as a secure ecosystem and lose their basic digital caution," Mikhail Shurygin explained.
Maxim Abramov, head of the Laboratory of Applied Artificial Intelligence at the St. Petersburg Institute of Physics and Technology of the Russian Academy of Sciences, believes that the new scheme fits into a broader trend of increasing attacks on messenger users.
"Telegram currently has about 100 million monthly active users in Russia, and the demand for third-party tools remains high. This makes the platform an attractive target for intruders," the expert noted.
Experts recommend that users not download software through unknown bots, not send anyone confirmation codes or QR codes for logging into their account, use two-factor authentication, and regularly check the list of active sessions.
Translated by the Yandex Translate service