In the realm of cybercrime, a potent new threat has emerged under the moniker of “Telekopye.” This ingenious toolkit, a fusion of Telegram and the Russian word “kopye,” meaning “spear,” has ushered in a new era of automated phishing attacks. Crafted as a streamlined system, Telekopye swiftly generates convincing phishing web pages from a selection of pre-designed templates.
These counterfeit URLs are then dispatched to potential victims, codenamed Mammoths in the criminal underworld. ESET researcher Radek Jizba sheds light on this malicious innovation, describing Telekopye as a Telegram bot sporting user-friendly menus with clickable buttons. This design accommodates multiple scammers simultaneously, streamlining the phishing process. The toolkit’s origins point towards Russia, suggested by the utilization of Russian SMS templates and the focus on online marketplaces popular in the country.
Surprisingly, the roots of this operation trace back to at least 2015, indicating a sustained commitment to this illicit endeavor. The attack sequence begins with Neanderthal actors building rapport with Mammoth targets, followed by the dissemination of nefarious links generated through the Telekopye phishing kit. These deceptive URLs are dispatched via various communication channels, such as email, SMS, or direct messages.
Once victims input their payment details into the fraudulent credit/debit card gateway, the acquired information is exploited to drain their funds, which are subsequently funneled through cryptocurrency for money laundering.
Remarkably fully-featured, Telekopye empowers its users with capabilities ranging from sending phishing emails and generating web pages to crafting SMS messages, QR codes, and convincing images of fabricated checks and receipts.
Adding to the sophistication of the operation is the strategic hosting of phishing domains. By crafting URLs that incorporate the expected brand name, the criminals make detection challenging. Furthermore, the operation showcases centralized payouts, wherein stolen funds are channeled into a shared account managed by the Telekopye administrator. This modus operandi allows the core team oversight over each Neanderthal’s activities.
The hierarchy within this criminal ecosystem includes administrators, moderators, workers, and a system of incentives and commission fees that mirror a professional business setup.In light of this evolving threat, caution is advised. ESET’s Radek Jizba recommends verifying transactions and insisting on in-person exchanges when dealing with online marketplaces to mitigate risks associated with these Neanderthal-initiated scams.
It’s essential to remain vigilant and informed about the techniques and tools that cybercriminals employ to safeguard oneself and online assets.
