Telegram Mini Apps Exploited for Widespread Crypto Scams and Malware Distribution

Telegram Mini Apps Exploited for Widespread Crypto Scams and Malware Distribution

First seen 3 May 2026, 14:48 UTC Bleepingcomputerwww.ctm360.comScworld 86% similarity 67.2

Article Content

Browse articles
ThreatCluster

Cybersecurity researchers have identified a large-scale fraud operation utilizing Telegram's Mini App feature, named FEMITBOT. This platform enables threat actors to run various scams, including fake cryptocurrency platforms and financial services, while impersonating well-known brands like Apple and Coca-Cola. The operation employs Telegram bots to display phishing sites within the app, creating a seamless experience for users. Victims are often shown fake dashboards with misleading balances and are pressured to make deposits to withdraw funds. Additionally, some Mini Apps attempt to distribute Android malware disguised as legitimate applications. The infrastructure allows for rapid deployment and campaign optimization, indicating a sophisticated approach to fraud. Users are advised to exercise caution when interacting with Telegram bots promoting crypto investments.

Key Points: • FEMITBOT exploits Telegram Mini Apps for crypto scams and malware distribution. • Threat actors impersonate major brands to enhance credibility and lure victims. • The operation uses a shared backend for multiple phishing domains and campaigns.

ThreatCluster AI

Timeline

2026-05-03
CTM360 report on FEMITBOT published
2026-05-03
BleepingComputer article on Telegram scams published

Community

Browse all →