Telekopye

Malware updated 3 months ago (2024-11-29T14:27:48.976Z)

Download STIX

Preview STIX

Telekopye is a malicious software, or malware, that has been utilized by a group of cybercriminals referred to as "Neanderthals" for well-organized phishing campaigns. Since its inception in 2016, Telekopye has facilitated the creation of fraudulent links, web pages, QR codes, and convincing images, primarily via phishing emails, SMS messages, and suspicious downloads. The toolkit has been particularly effective in creating phony websites, enabling the Neanderthals to scam online marketplace users and more recently, travelers in the hotel and apartment booking sector. The Russian hackers have used this custom malware in broad phishing attacks, leveraging it as a Telegram bot to scam marketplace users and defraud travelers. In addition to these activities, Telekopye operators use additional bots for money laundering, market research scraping, and implementing DDoS protection. Notably, there was a surge in accommodation-themed scams in July 2024 which, for the first time, surpassed Telekopye’s original marketplace-targeted scams. To combat the threats posed by Telekopye, cybersecurity firm ESET recommends awareness of the Neanderthals' tactics and exercising caution on affected platforms. Indicators of potential scams include suspicious links and requests for personal information. Using a reputable anti-malware solution is also strongly advised to provide protection against being lured to a phishing website. Despite these countermeasures, the Telekopye groups continue to refine their tools and operations, indicating an ongoing threat to online security.

Description last updated: 2024-10-21T08:31:38.724Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Phishing

Scams

Eset

Scammer

Bot

Scam

Malware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Neanderthals Threat Actor is associated with Telekopye. Neanderthals, as named by ESET researchers, is a threat actor group that uses the Telekopye Toolkit to execute sophisticated phishing campaigns. These scammers are primarily recruited via advertisements distributed across various online channels, including underground forums. They employ deceptive t	has used	4

Source Document References

Information about the Telekopye Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
ESET	23 days ago	ESET Research Podcast: Telekopye, again
InfoSecurity-magazine	5 months ago	Telekopye Scammers Target Booking.com and Airbnb Users
ESET	5 months ago	Telekopye transitions to targeting tourists via hotel booking scam
CERT-EU	a year ago	FBI Alert: Russian Hackers Target Ubiquiti Routers for Data, Botnet Creation
ESET	a year ago	ESET Research Podcast: Neanderthals, Mammoths and Telekopye
CERT-EU	a year ago	68% of US Websites Exposed to Bot Attacks
CERT-EU	a year ago	Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale
CERT-EU	a year ago	A New Telekopye Bots That Tricks Users to Steal Payment Details
CERT-EU	a year ago	Cyber Security Today, Nov. 27, 2023 – Ransomware gang posts data stolen from a Canadian POS provider, and more \| IT World Canada News
ESET	a year ago	Telekopye's tricks of the trade – Week in security with Tony Anscombe
CERT-EU	a year ago	Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale
ESET	a year ago	Telekopye: Chamber of Neanderthals’ secrets
CERT-EU	a year ago	Telekopye Toolkit Used as Telegram Bot to Scam Marketplace Users
CERT-EU	a year ago	Telekopye Toolkit Used as Telegram Bot to Scam Marketplace Users
CERT-EU	a year ago	Russian Pair Charged with JFK Airport Taxi System Hack for Over 2 Years
CERT-EU	2 years ago	Russian Hackers Employ Telekopye Toolkit in Broad Phishing Attacks
ESET	2 years ago	How a Telegram bot helps scammers target victims – Week in security with Tony Anscombe
CERT-EU	2 years ago	Organizations in NATO countries claimed to be compromised by hacktivist operation
CERT-EU	2 years ago	Scammers Target Online Markets with Telekopye Phishing Toolkit
CERT-EU	2 years ago	Cyrus Labs purchased by Malwarebytes