The hacker group Telekopye has placed advertisements on underground forums to recruit new members. With their toolkit, even beginners can easily create phishing websites.
Researchers at IT security manufacturer ESET recently discovered a toolkit called Telekopye that allows even less tech-savvy people to commit online fraud. But that's just the tip of the iceberg, as further analysis showed.
“Cybercrime is a business of the highest professionalism. Even if the perpetrators are often called 'gangs' or 'hacker groups', behind them are illegal but highly professional companies with state-of-the-art structures. Marketing, market research, personnel search and financial accounting, very few people would suspect digital illegality,” says security expert Christian Lueg from ESET.
More than just a toolkit: Telekopye
With Telekopye, would-be hackers can easily create phishing websites, send phishing SMS and emails, and create fake screenshots. According to ESET telemetry, this tool is still in use and is being actively developed. For example, a Telegram bot was implemented to help criminals with their actions. Interestingly, the scammers call themselves “Neanderthals” and refer to the potential victims of their scams as “mammoths.”
“Employee search” with a system
Telekopye groups recruit new Neanderthals through advertisements on many different channels, including underground forums. In these advertisements, the goal is stated bluntly: to defraud users of online marketplaces. As in the legal corporate world, prospective “Telekopye employees” must fill out an application form in which they answer basic questions, e.g. what experience they have in this “profession”. If accepted by existing group members of high enough rank, the new Neanderthals can utilize Telekopye's full potential.
Three scams to choose from
There are three main fraud scenarios: seller fraud, buyer fraud, and refund fraud.
- In seller fraud, attackers pose as sellers and attempt to trick unsuspecting victims into purchasing a nonexistent item. If the victim shows interest in the item, they receive a link to the alleged payment page. But behind this is a phishing page in the guise of a legitimate transaction website. Unlike a legitimate website, it requests online banking credentials, credit card details (sometimes including account balance), or other sensitive information. The phishing site automatically steals this data.
- In buyer fraud, the attackers pose as buyers and specifically look for victims. They show interest in an item and pretend to have already paid for it via the platform provided. They then send the victim an email or SMS message (via Telekopye) with a link to a carefully crafted phishing website and claim that the victim must click on this link in order to receive their money from the platform. The rest of the scenario is very similar to seller fraud.
- In the refund scam, attackers create a situation where the victim expects a refund and then send them a phishing email with a link to a phishing website that, like the other scams, steals sensitive data.
Market research serves up victims on a platter
“In almost every group of Neanderthals, we find evidence of online market research manuals from which the Neanderthals draw their strategies and conclusions,” says ESET researcher Radek Jizba, who studied Telekopye. “In the buyer fraud scenario, Neanderthals select their targets based on the type of item being sold, for example. Some groups avoid electronic items completely. The price of the item also plays a role. The manuals recommend that in the buyer fraud scenario, Neanderthals select items priced between €9,50 and €290,” he adds. Additionally, Telekopye attackers use web scrapers to quickly search through many listings on online marketplaces and find a “perfect victim” most likely to fall for the scam.
Golden rules are mandatory
The attackers behind Telekopye firmly believe that law enforcement agencies and researchers have also infiltrated their groups. To give these infiltrators, whom they unflatteringly call “rats”, no chance, a strict code of conduct was developed. Everyone must adhere to this without exception. For example, it is strictly forbidden to search for information that could identify other group members. Violation of these rules may result in exclusion from the group. The golden rule is: “Work more, talk less”.
Until recently, scammers focused on popular Russian online markets such as OLX and YULA. They are now expanding to international platforms, such as BlaBlaCar and eBay.
More at ESET.de
About ESET ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.