Telekopye

Malware Profile Updated 2 months ago
Telekopye is a sophisticated malware toolkit used by cybercriminals, particularly Russian hackers, to carry out broad phishing attacks. Implemented as a Telegram bot, it is designed to create fraudulent links, web pages and QR codes, and to deliver convincing images via SMS messages in its phishing campaigns. The toolkit also aids in the creation of phony websites, phishing emails, and text messages. Its primary observed use is scamming users of online marketplaces, with the toolkit being leveraged by a suspected Russian threat operation known as Neanderthals.

The Telekopye toolkit operates on a unique system that tracks each scammer's success, attributing individual contributions to a shared account. The payment structure from these accounts ranges from a 5% to 40% commission to the administrator, depending on the version of Telekopye used and the role of the Neanderthal. Additional commissions are given to those responsible for recommending the bad actor, followed by the final payout to the scammer. This structured approach has led to a high success rate for the scams facilitated by Telekopye.

ESET researchers have provided in-depth analysis of Telekopye, dissecting specific features offered by the toolkit and the different types of scams it facilitates. They have also uncovered the geographical areas targeted by these Neanderthals and their victim selection process. In their discussions, they examine the dynamics within and between various Neanderthal groups, highlighting how members train each other to use the Telekopye toolkit effectively for their malicious activities.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Telegram
Phishing
Bot
ESET
Scam
Scammer
Scams
Malware
MaaS
Russia
GBHackers
Associated Malware
No associations to display
Associated Threat Actors
ID: Neanderthals
Type: has used
Votes: 3
Profile Description: Neanderthals, a threat actor group identified by ESET researchers, have been exploiting the Telekopye toolkit to execute various types of scams. The group primarily recruits members via advertisements on underground forums and uses Telegram channels for communication and transaction tracking. They e
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Telekopye malware was read from the document corpus below. This display is limited to 20 results.
Source (created at): Title
CERT-EU (5 months ago): FBI Alert: Russian Hackers Target Ubiquiti Routers for Data, Botnet Creation
ESET (7 months ago): ESET Research Podcast: Neanderthals, Mammoths and Telekopye
CERT-EU (8 months ago): 68% of US Websites Exposed to Bot Attacks
CERT-EU (8 months ago): Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale
CERT-EU (8 months ago): A New Telekopye Bots That Tricks Users to Steal Payment Details
CERT-EU (8 months ago): Cyber Security Today, Nov. 27, 2023 – Ransomware gang posts data stolen from a Canadian POS provider, and more | IT World Canada News
ESET (8 months ago): Telekopye's tricks of the trade – Week in security with Tony Anscombe
CERT-EU (8 months ago): Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale
ESET (8 months ago): Telekopye: Chamber of Neanderthals’ secrets
CERT-EU (8 months ago): Telekopye Toolkit Used as Telegram Bot to Scam Marketplace Users
CERT-EU (8 months ago): Telekopye Toolkit Used as Telegram Bot to Scam Marketplace Users
CERT-EU (8 months ago): Russian Pair Charged with JFK Airport Taxi System Hack for Over 2 Years
CERT-EU (a year ago): Russian Hackers Employ Telekopye Toolkit in Broad Phishing Attacks
ESET (10 months ago): How a Telegram bot helps scammers target victims – Week in security with Tony Anscombe
CERT-EU (a year ago): Organizations in NATO countries claimed to be compromised by hacktivist operation
CERT-EU (a year ago): Scammers Target Online Markets with Telekopye Phishing Toolkit
CERT-EU (a year ago): Cyrus Labs purchased by Malwarebytes
CERT-EU (a year ago): Industrial HMIs at risk of attacks exploiting Rockwell ThinManager vulnerabilities
DARKReading (a year ago): eBay Users Beware Russian 'Telekopye' Telegram Phishing Bot
CERT-EU (a year ago): Telekopye: Hunting Mammoths using Telegram bot