Security News
More than 40 scammer groups are actively engaged in schemes leveraging a scam-as-a-service offering that provides users the tools and resources needed to conduct fraud, according to threat hunting and intelligence company Group-IB. The automated scam service has been named Classiscam by Group-IB and it's meant to help cybercriminals steal money and payment data from unsuspecting victims, through the use of fake pages mimicking those of legitimate classifieds, marketplaces and delivery services. Simple and straightforward, the scheme has gained a lot of popularity, with over 5,000 scammers registered in the 40 most popular Telegram chats by the end of 2020.
A new automated scam-as-a-service has been unearthed, which leverages Telegram bots in order to steal money and payment data from European victims. These groups have bought into full-fledged scam kits, equipping them with Telegram chatbots for automated communication with victims, as well as customized webpages that lead victims to phishing landing pages.
Using readily available software and a rooted Android device, he's able to spoof the location his device reports to Telegram servers. By using just three different locations and measuring the corresponding distance reported by People Nearby, he is able to pinpoint a user's precise location.
Some of the brands abused through this scam are extremely popular in Europe and include LeBonCoin, Allegro, OLX, Sbazar, FAN Courier, Lalafo, Kufar and DHL. Scam expanding to Europe. The scammers publish ads on popular marketplaces and classifieds claiming to offer various products at low prices.
A feature that allows Telegram users to see who's nearby can be misused to pinpoint your exact distance to other users - by spoofing one's latitude and longitude. According to bug-hunter Ahmed Hassan, the "People Nearby" feature could allow an attacker to triangulate the location of unsuspecting Telegram users.
A researcher who noted that using the "People Nearby" feature of popular messaging app Telegram exposed the exact location of the user has been told that it's working as expected. Hassan reported the issue in the hope of a bug bounty only to be told: "Users in the People Nearby section intentionally share their location, and this feature is disabled by default. It's expected that determining the exact location is possible under certain conditions."
The developers behind the Android malware have a new variant that spies on instant messages in WhatsApp, Telegram, Skype and more. In tandem with the sanctions, the FBI released a public threat analysis report that investigated several tools used by Rana Corp. Researchers recently conducted further analysis of one of these malware samples and found that its latest variant showcases several new commands that point to the threat actors sharpening their surveillance capabilities.
Event-discovery application Peatix has disclosed a data breach, after ads for stolen user-account information were reportedly being circulated on Instagram and Telegram. In a data breach notice to affected users, Peatix said it learned on Nov. 9 that user account data had been improperly accessed.
Hackers with access to the Signaling System 7 used for connecting mobile networks across the world were able to gain access to Telegram messenger and email data of high-profile individuals in the cryptocurrency business. Hackers pulling an SS7 attack can intercept text messages and calls of a legitimate recipient by updating the location of their device as if it registered to a different network.
A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware. "Compared to the versions documented in 2017, Android/SpyC23.A has extended spying functionality, including reading notifications from messaging apps, call recording and screen recording, and new stealth features, such as dismissing notifications from built-in Android security apps," cybersecurity firm ESET said in a Wednesday analysis.