Phishing Bots Steal Telegram Accounts and Cryptocurrency from Russian-Speaking Users

Experts from Kaspersky Lab have uncovered a scheme involving the theft of Telegram accounts and cryptocurrency. Using phishing bots, cybercriminals are targeting owners of digital assets who conduct P2P transactions within the messenger. The company reports that it has already identified several such fake bots.

How the Scam Works

According to researchers, attackers focus on users intending to make cryptocurrency deals through P2P trading on Telegram. They contact these users under the pretense of facilitating a transaction.

At the outset, the potential victim is told that, for security reasons and to comply with regulatory requirements, they must complete KYC (Know Your Customer) verification—otherwise, their crypto wallet will supposedly be frozen. The scammers provide a link to a special authorization service, which is actually a phishing site. There is no real KYC check; the goal is simply to lure the victim into interacting with the phishing bot.

Account Takeover Process

Once the cryptocurrency owner interacts with a Telegram bot with a suspicious name (such as “Wallet KYC”), they are prompted to log in using their Telegram account. The user is asked to disable two-factor authentication in the messenger and confirm this action by clicking a button. Next, they are instructed to provide the authorization code sent by the official Telegram service.

All of these steps are designed to allow the scammers to hijack the victim’s Telegram account and conduct P2P transactions in their name. Through the compromised Telegram account, the criminals gain access to the victim’s Telegram Wallet, putting both the account and any stored cryptocurrency at risk.
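The stages described above (KYC pretext, request to disable two-factor authentication, request for the Telegram login code) can be checked for in a chat transcript. The following is an added example, not part of the original report or of Kaspersky's tooling; the regex patterns, the `assess` function and the sample chats are constructed assumptions for illustration.

```python
import re

# Stages of the scheme as the article describes them. The patterns are
# illustrative assumptions, not indicators published by the researchers.
STAGES = {
    "kyc_pretext": re.compile(
        r"\bkyc\b|know your customer|wallet.{0,40}(frozen|blocked)", re.I),
    "disable_2fa": re.compile(
        r"(disable|turn off|remove).{0,40}(two[- ]factor|2fa|two[- ]step)", re.I),
    "login_code": re.compile(
        r"(send|enter|provide|share|forward).{0,40}"
        r"(login|authori[sz]ation|confirmation|one[- ]time)\s+code", re.I),
}
# Requests that no legitimate verification needs: either one alone is decisive.
HARD_STOP = {"disable_2fa", "login_code"}

def assess(messages, own="me"):
    """Scan ordered (sender, text) pairs from one chat.

    Only the counterpart's messages are scored, so the user's own questions
    about 2FA do not trigger. Returns (verdict, [(index, sender, stage)]).
    """
    hits = []
    for idx, (sender, text) in enumerate(messages):
        if sender == own:
            continue
        for stage, pattern in STAGES.items():
            if pattern.search(text):
                hits.append((idx, sender, stage))
    seen = {stage for _, _, stage in hits}
    verdict = "block" if seen & HARD_STOP else "warn" if seen else "ok"
    return verdict, hits

# Constructed sample chats (not real captures).
SCAM_CHAT = [
    ("trader", "Hi, I can take your USDT offer. Before we start you need "
               "to pass KYC or your wallet will be frozen."),
    ("Wallet KYC", "To continue, disable two-factor authentication in "
                   "Settings and press Confirm."),
    ("Wallet KYC", "Now enter the authorization code you received from Telegram."),
]
BENIGN_CHAT = [
    ("me", "Should I disable 2FA for this?"),
    ("trader", "No, keep it on. Price is 92 per USDT, ok?"),
]
PRETEXT_ONLY = [("trader", "Exchange rules say KYC is required over 1000.")]

if __name__ == "__main__":
    for name, chat in [("scam", SCAM_CHAT), ("benign", BENIGN_CHAT),
                       ("pretext", PRETEXT_ONLY)]:
        print(name, assess(chat))
```

Keyword matching of this kind only covers wording close to the patterns; it is a triage aid, and the rule in the article (never disable two-factor authentication or hand over a login code on request) does not depend on it.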

Expert Commentary and Safety Tips

“To make their scheme more convincing, scammers often refer to legal requirements—both real and fictitious. Users should always double-check information before responding to such requests. Regardless of the story, any request to disable two-factor authentication or provide a one-time authorization code should be a clear red flag for fraud,” commented Olga Svistunova, Senior Content Analyst at Kaspersky Lab.
