Telekopye

Malware updated 4 months ago (2024-05-04T19:30:58.720Z)
Telekopye is a sophisticated malware toolkit used by cybercriminals, particularly Russian hackers, to carry out broad phishing attacks. This malicious software, implemented as a Telegram bot, is designed to create fraudulent links, web pages, QR codes, and deliver convincing images via SMS messages in its phishing campaigns. The toolkit also aids in the creation of phony websites, phishing emails, and text messages. Its primary use has been observed in scamming users on online marketplaces, with the toolkit being leveraged by a suspected Russian threat operation known as Neanderthals.

The Telekopye toolkit operates on a unique system that tracks each scammer's success, attributing individual contributions to a shared account. The payment structure from these accounts ranges from a 5% to 40% commission to the administrator, depending on the version of Telekopye used and the role of the Neanderthal. Additional commissions are given to those responsible for recommending the bad actor, followed by the final payout to the scammer. This structured approach has led to a high success rate for the scams facilitated by Telekopye.

ESET researchers have provided in-depth analysis of Telekopye, dissecting specific features offered by the toolkit and the different types of scams it facilitates. They have also uncovered the geographical areas targeted by these Neanderthals and their victim selection process. In their discussions, they delve into the dynamics within and between various Neanderthal groups, highlighting how they train each other to effectively utilize the Telekopye toolkit for their malicious activities.
Description last updated: 2024-05-04T16:29:17.702Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Telegram
Phishing
Eset
Scam
Bot
Scammer
Malware
Scams
Associated Threat Actors
ID: Neanderthals
Type: has used
Votes: 3
Profile Description: Neanderthals, a threat actor group identified by ESET researchers, have been exploiting the Telekopye toolkit to execute various types of scams. The group primarily recruits members via advertisements on underground forums and uses Telegram channels for communication and transaction tracking. They e
Source Document References
Information about the Telekopye Malware was read from the documents corpus below.
Source (created): Title
CERT-EU (6 months ago): FBI Alert: Russian Hackers Target Ubiquiti Routers for Data, Botnet Creation
ESET (9 months ago): ESET Research Podcast: Neanderthals, Mammoths and Telekopye
CERT-EU (9 months ago): 68% of US Websites Exposed to Bot Attacks
CERT-EU (9 months ago): Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale
CERT-EU (9 months ago): A New Telekopye Bots That Tricks Users to Steal Payment Details
CERT-EU (9 months ago): Cyber Security Today, Nov. 27, 2023 – Ransomware gang posts data stolen from a Canadian POS provider, and more | IT World Canada News
ESET (9 months ago): Telekopye's tricks of the trade – Week in security with Tony Anscombe
CERT-EU (9 months ago): Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale
ESET (9 months ago): Telekopye: Chamber of Neanderthals’ secrets
CERT-EU (9 months ago): Telekopye Toolkit Used as Telegram Bot to Scam Marketplace Users
CERT-EU (9 months ago): Telekopye Toolkit Used as Telegram Bot to Scam Marketplace Users
CERT-EU (10 months ago): Russian Pair Charged with JFK Airport Taxi System Hack for Over 2 Years
CERT-EU (a year ago): Russian Hackers Employ Telekopye Toolkit in Broad Phishing Attacks
ESET (a year ago): How a Telegram bot helps scammers target victims – Week in security with Tony Anscombe
CERT-EU (a year ago): Organizations in NATO countries claimed to be compromised by hacktivist operation
CERT-EU (a year ago): Scammers Target Online Markets with Telekopye Phishing Toolkit
CERT-EU (a year ago): Cyrus Labs purchased by Malwarebytes
CERT-EU (a year ago): Industrial HMIs at risk of attacks exploiting Rockwell ThinManager vulnerabilities
DARKReading (a year ago): eBay Users Beware Russian 'Telekopye' Telegram Phishing Bot
CERT-EU (a year ago): Telekopye: Hunting Mammoths using Telegram bot