Cybersecurity

Kaspersky uncovers a global Telegram malware campaign targeting fintech users

Hackers used Telegram to spread spyware targeting users and businesses in the fintech and trading industries

A targeted attack on the fintech sector

The Kaspersky research team has recently revealed a global malware campaign in which cybercriminals used Telegram to distribute spyware. This malware, a sophisticated Trojan, is designed to steal sensitive data such as passwords and take control of devices for espionage purposes, targeting both individuals and companies in the fintech and trading sectors.

Who’s behind the attack: the DeathStalker group

The campaign appears linked to DeathStalker, an Advanced Persistent Threat (APT) actor offering hack-for-hire and financial intelligence services. During the latest attack observed by Kaspersky, DeathStalker attempted to infect victims with DarkMe malware, a remote access Trojan (RAT) capable of stealing information and executing commands from a remote server.

Victims: Telegram users in trading and fintech channels

Hackers targeted Telegram channels frequented by enthusiasts and professionals in trading and fintech. This campaign spanned over 20 countries across Europe, Asia, Latin America, and the Middle East.

The infection process: DarkMe malware in action

The infection chain analysis revealed that attackers used malicious archives like RAR or ZIP, attaching them to Telegram posts. Within these archives, seemingly harmless files with extensions like .LNK, .com, and .cmd trigger the infection, leading to the installation of the DarkMe malware.

Telegram as a discreet attack vector

According to Maher Yamout, a Kaspersky expert, cybercriminals use Telegram channels to bypass security checks: “Using messaging platforms like Telegram builds trust, leading victims to download malware without security warnings, which are less frequent compared to standard internet downloads.”

DeathStalker’s hiding strategy

DeathStalker employs advanced techniques to hide traces: it deletes files and tools used during the attack and enlarges the malware size to evade detection, simulating activities of other APT groups.

Kaspersky’s security advice

To mitigate risks, Kaspersky recommends:

  • Installing trusted security solutions
  • Staying informed about new attack techniques
  • Providing full cyber threat visibility for InfoSec teams
  • Investing in advanced cybersecurity training

Sign up for the newsletter. Stay updated!

We will send you periodical important communications and news about the digital world. You can unsubscribe at any time by clicking the appropriate link at the bottom of the newsletter.

Dopstart

Dopstart è il sito di Paolino Donato ma anche il suo Nickname su Internet. Dopstart è un consulente SEO. Si occupa di posizionamento nei motori di ricerca fin dal 1998. Dal 2010 ha collaborato con Google in qualità di TC per Google News italiano e Google Noticias per i Paesi di Lingua spagnola e dal 2018 come Product Expert vedi curriculum

Share
Published by
Dopstart

Recent Posts

Connecting Blogger to Google Search Console

Google Search Console is an essential tool for monitoring and optimizing your site's visibility in…

1 week ago

SEO for Blogger: complete guide

Our SEO Agency rarely has requests to optimize sites made with Google Blogger. However, it…

2 weeks ago

Domain Problem Blogger Godaddy Without www

We have received several reports of problems with the Godaddy domain connected to Blogger. In…

2 weeks ago

Blocking the Semrush Bot: Why and How to Do It

A client of ours to whom we provide SEO services has specifically asked to use…

2 weeks ago

Typosquatting: what it is and how to prevent

Abstract Typosquatting is a pervasive threat in the digital landscape, exploiting simple errori di ortografia…

3 weeks ago

Google reCAPTCHA Evolves: Mandatory Migration by 2025

Unification Under Google Cloud for Advanced Security and Simplified Management Introduction: A Necessary Change Google…

3 weeks ago