Once someone writes software code, it can be quickly and easily replicated and shared. Digital reproduction doesn't require costly transportation to ship it around the world in an instant. This ease of sharing digital products enables wondrous productivity, but also enables malware developers to support low-skilled attackers at scale. "Script Kiddies" as they are known, can easily download sophisticated attack tools built by teams of skilled malware developers.
In this article, we will review a tool that follows this scenario and is used in targeted online scams. Nicknamed TeleKopye (a concatenation of "Telegram" and "копье", the Russian word for spear), this phishing toolkit was first discovered by ESET researchers in 2023. Let's dig into the details.
TeleKopye is a phishing toolkit designed for conducting online scams via Telegram. It appears to have been developed by Russian-speaking individuals and is primarily used to target Russian victims on the Telegram platform.
Functioning as a Telegram bot, TeleKopye facilitates the creation of phishing web pages and the distribution of phishing emails and SMS messages. Some versions of TeleKopye also have the capability to store stolen victim data, such as credit card details or email addresses, on the server. This information is then collected by scammers and either sold on the Dark Web marketplaces or used directly for fraudulent transactions.
It is important to note that TeleKopye does not include any chatbot AI functionality. It does not independently carry out scams but rather simplifies the generation of the content used in such malicious activities. However, as security expert Bruce Schneier has noted, attacks only get better with time. We can expect that in the future generative AI chatbots will be integrated with TeleKopye to automate the social engineering aspect of the scam process, which would also allow the tool to be used at greater scale.
Scammers using the TeleKopye toolkit refer to their victims as "Mammoths," highlighting the hunting aspect of exploitation. These scammers, dubbed "Neanderthals" for their crude yet effective tactics, operate primarily in Russia, Ukraine, and Uzbekistan. TeleKopye enables them to craft phishing attacks with ease, simplifying scams without requiring advanced IT skills.
Despite its unsophisticated chatbot-free design, TeleKopye’s continuous development and widespread use in targeting online marketplaces, including platforms beyond Russia, underscore its significance in the scam ecosystem.
TeleKopye was distributed en masse when it was uploaded to VirusTotal in 2023. However, it is not a traditional computer virus. Better classified as a social engineering toolkit, Telekopye is a Telegram-based toolkit that streamlines phishing attacks. The main goal of attackers using Telekopye is to steal sensitive information, primarily payment card details or online banking credentials, from their victims. This enables the attackers to commit financial theft or sell the stolen information on cybercriminal markets for profit.
Through the use of phishing websites, automated tools, and deceptive communication tactics, scammers can efficiently target users on online marketplaces and accommodation booking platforms. TeleKopye's primary target has evolved from online marketplaces to accommodation booking platforms like Booking.com and Airbnb.
Here is how a Telekopye attack works:
Compromised Accounts: Scammers access accounts of legitimate hotels or booking providers using stolen credentials
Victim Selection: Identify recent bookings or unpaid reservations to target users with personally relevant phishing attempts
Phishing Web Pages: Automatically generated fake pages mimic legitimate booking sites, prefilled with accurate booking details
Communication Channels: Victims are contacted via platform chats or emails that resemble official communications
Payment Card Harvesting: Fake forms collect payment card details, enabling financial theft
Advanced Telekopye Features:
Web Scrapers: Automate extraction of target details from online platforms
Chatbots with Translation: Facilitate scam interactions in multiple languages
Anti-DDoS Measures: Protect phishing sites against competitor disruptions
Scrutinize the Seller or Host: Check the account history, ratings, age, and location. Be cautious of accounts with no history, low ratings, or distant locations, as they may indicate scams. Don’t rely solely on grammar; instead, evaluate the tone. Overly eager or assertive messages can signal a scam. Since scammers may use compromised accounts, contacting accommodation providers directly may not verify legitimacy. Instead, reach out to the platform’s official customer support for help.
Stay On-Platform: Keep all communications and transactions within the platform. A request to move off-platform is a major red flag. Always complete transactions using the platform’s secure payment systems. If unavailable, opt for in-person exchanges or secure delivery services with payment on delivery. Complete all bookings and payments only on the platform’s official website or app. External URLs may indicate fraud.
Apply Online Security Best Practices: Protect your account by using strong passwords and enabling two-factor authentication whenever possible. If directed to a link, scrutinize the URL, content, and security certificate before interacting with the site.
Account Verification: Implement strict account verification, including identity checks and AI-driven fraud detection, to reduce the number of fake or compromised accounts. While this may reduce the number of sellers in the short-term, in the long term your brand reputation will thrive and attract premium pricing for those looking for security assurances.
Secure Communication Channels: Enforce policies that restrict off-platform communication, and introduce features that flag or block users who attempt to move discussions off-platform.
Enhanced Fraud Monitoring: Use AI to detect unusual activity patterns with focused attention on newly created accounts that generate high messaging activity or abnormal transaction behaviors. Automatically scan and warn users about suspicious or phishing links shared within the platform.
Two-Factor Authentication (2FA): Require or strongly encourage 2FA for all user accounts to minimize account compromises. This helps protect established accounts from being used for fraud activities. A Zero-Trust authentication model can be used to re-authenticate users when performing sensitive transactions.
Secure Payment Systems: Mandate the use of integrated payment systems and disable external payment options to prevent phishing attacks.
Incident Reporting and Support: Simplify the process for users to report suspicious activity, and ensure customer support teams are trained to handle scam-related queries efficiently.
User Education: Regularly educate users on recognizing scams through alerts, tutorials, and onboarding guides.
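The secure-communication and fraud-monitoring recommendations above can be turned into a simple platform-side message triage rule. The following is an added example, not code from the original article or from any platform: it scores a chat message on external links, off-platform contact or payment requests, account age and messaging velocity, then maps the score to allow, warn or block. The platform domain, thresholds and sample messages are all assumptions constructed for the illustration.

```python
import re

# Hypothetical platform domain; links to any other host count as external.
PLATFORM_DOMAINS = {"booking-platform.example"}

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
# Phrases that commonly accompany an attempt to move the chat or payment off-platform.
OFF_PLATFORM_RE = re.compile(
    r"\b(telegram|whatsapp|viber|t\.me|wa\.me|pay (?:by|via) (?:bank )?transfer)\b", re.I)

# Constructed sample messages (not real scam text).
SCAM_MSG = ("Your reservation is unpaid. Confirm your card at "
            "https://secure-booking-verify.example/pay or contact me on WhatsApp.")
BENIGN_MSG = "Thanks for booking, check-in is from 15:00. See you Friday!"


def external_hosts(text):
    """Hosts of links in the message that do not belong to the platform."""
    hosts = [h.lower().rstrip(".") for h in URL_RE.findall(text)]
    return [h for h in hosts
            if not any(h == d or h.endswith("." + d) for d in PLATFORM_DOMAINS)]


def score_message(text, account_age_days, msgs_last_hour):
    """Additive risk score plus the reasons that contributed (higher is more suspicious)."""
    score, reasons = 0, []
    hosts = external_hosts(text)
    if hosts:
        score += 3; reasons.append("external link: " + ", ".join(hosts))
    if OFF_PLATFORM_RE.search(text):
        score += 2; reasons.append("off-platform contact or payment request")
    if account_age_days < 7:
        score += 1; reasons.append("account younger than 7 days")
    if msgs_last_hour > 20:
        score += 2; reasons.append("high messaging velocity")
    return score, reasons


def triage(text, account_age_days, msgs_last_hour, warn_at=2, block_at=5):
    """Map the score to an action: allow, warn (show the recipient a phishing notice) or block."""
    score, reasons = score_message(text, account_age_days, msgs_last_hour)
    action = "block" if score >= block_at else "warn" if score >= warn_at else "allow"
    return action, score, reasons


if __name__ == "__main__":
    print(triage(SCAM_MSG, 2, 40))      # new, chatty account sending an external payment link
    print(triage(BENIGN_MSG, 900, 3))   # established host sending a normal confirmation
```

The thresholds are deliberately simple; in production the score would feed the platform's existing fraud pipeline rather than act on its own.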
Due to the nature of digital content, hacker tools can be distributed globally with ease. TeleKopye is a Telegram-based phishing toolkit designed for online scams, targeting marketplaces and accommodation booking platforms like Booking.com and Airbnb. Though lacking AI functionality, TeleKopye simplifies scams for low-skilled attackers.
The tool itself is capable of creating phishing web pages and distributing fraudulent emails and SMS messages. Once attackers gain access to compromised accounts, advanced features including web scrapers, built-in language translation, anti-DDoS measures, and fake payment forms allow them to steal payment card details and banking credentials.
Online marketplaces can reduce scams by implementing strict account verification, enforcing secure communication policies, and leveraging AI for fraud monitoring. Educating users, requiring two-factor authentication, and integrating secure payment systems further protect against scams while enhancing user trust and brand reputation.