Telegram Mini Apps Exploited for Widespread Crypto Scams and Malware Distribution
Severity: High (Score: 67.2)
Sources: www.ctm360.com, BleepingComputer
Summary
Cybersecurity researchers have identified a large-scale fraud operation, named FEMITBOT, that abuses Telegram's Mini App feature. The platform enables threat actors to run various scams, including fake cryptocurrency platforms and financial services, while impersonating well-known brands like Apple and Coca-Cola. The operation employs Telegram bots to display phishing sites within the app, creating a seamless experience for users. Victims are often shown fake dashboards with misleading balances and are pressured to make deposits to withdraw funds. Additionally, some Mini Apps attempt to distribute Android malware disguised as legitimate applications. The infrastructure allows for rapid deployment and campaign optimization, indicating a sophisticated approach to fraud. Users are advised to exercise caution when interacting with Telegram bots promoting crypto investments.
Key Points:
- FEMITBOT exploits Telegram Mini Apps for crypto scams and malware distribution.
- Threat actors impersonate major brands to enhance credibility and lure victims.
- The operation uses a shared backend for multiple phishing domains and campaigns.
Key Entities
- Malware (attack_type)
- Phishing (attack_type)
- Apple (company)
- BBC (company)
- CineTV (company)
- Claro (company)
- Coca-Cola (company)
- eBay (platform)
- Android (platform)
- Telegram (platform)
- Financial (industry)
- FEMITBOT (malware)
- T1566.002 - Spearphishing Link (mitre_attack)
- T1566 - Phishing (mitre_attack)
- Meta Tracking Pixels (tool)
- Telegram bots (tool)
- TikTok Tracking Pixels (tool)