Hackers used Telegram to spread spyware targeting users and businesses in the fintech and trading industries
The Kaspersky research team has recently revealed a global malware campaign in which cybercriminals used Telegram to distribute spyware. This malware, a sophisticated Trojan, is designed to steal sensitive data such as passwords and take control of devices for espionage purposes, targeting both individuals and companies in the fintech and trading sectors.
The campaign appears linked to DeathStalker, an Advanced Persistent Threat (APT) actor offering hack-for-hire and financial intelligence services. During the latest attack observed by Kaspersky, DeathStalker attempted to infect victims with DarkMe malware, a remote access Trojan (RAT) capable of stealing information and executing commands from a remote server.
Hackers targeted Telegram channels frequented by enthusiasts and professionals in trading and fintech. This campaign spanned over 20 countries across Europe, Asia, Latin America, and the Middle East.
The infection chain analysis revealed that attackers used malicious archives like RAR or ZIP, attaching them to Telegram posts. Within these archives, seemingly harmless files with extensions like .LNK, .com, and .cmd trigger the infection, leading to the installation of the DarkMe malware.
According to Maher Yamout, a Kaspersky expert, cybercriminals use Telegram channels to bypass security checks: “Using messaging platforms like Telegram builds trust, leading victims to download malware without security warnings, which are less frequent compared to standard internet downloads.”
DeathStalker employs advanced techniques to hide traces: it deletes files and tools used during the attack and enlarges the malware size to evade detection, simulating activities of other APT groups.
To mitigate risks, Kaspersky recommends:
We will send you periodical important communications and news about the digital world. You can unsubscribe at any time by clicking the appropriate link at the bottom of the newsletter.
An interspecies communication breakthrough: Google develops an AI to decode dolphin vocalizations A voice from…
Adding PHP code to WordPress pages can unlock advanced customization, integrate third-party tools, or display dynamic content.…
There are many reasons why you might want to disable Google AdSense on specific pages of your…
Understanding your rivals is key. This article explores the importance of competitor analysis in digital…
Google Search Console is an essential tool for monitoring and optimizing your site's visibility in…
Our SEO Agency rarely has requests to optimize sites made with Google Blogger. However, it…