Telegram hacking and fraud incidents occur frequently: how to stay vigilant and prevent them
星球君的朋友们
Odaily senior author
2023-02-10 02:00
How to use Telegram safely to avoid theft and loss of funds

Original source: Beosin

Recently, hacking incidents involving the cross-platform instant messaging software Telegram have occurred frequently. Criminals steal users' Telegram accounts through illegal means and then defraud others by pretending to be their friends.

1. Fraud

🧊Tricking you into sending a screenshot of the TG verification code

Recently, a new type of account-theft fraud has appeared. Scammers pretend to be friends and, on various pretexts, ask you to take a screenshot of your chat page. The request seems harmless, but at that moment the scammer is trying to log in to Telegram with your mobile phone number, and the login verification code (Login code) captured in the screenshot lets the scammer log in to your TG account. The scam proceeds as follows:

1. First, the scammer gets the phone number of your TG account.

If your TG account privacy is set so that your phone number is visible to anyone, an unfamiliar account can see it; alternatively, the scammer first takes over a friend's account and then looks up your mobile phone number from it.

2. The scammer fraudulently obtains the login verification code.

Scammers use various pretexts to tell you that there is a problem with your account and trick you into taking a screenshot of your chat. Meanwhile, they enter your phone number on a new device to try to log in.

For example, the following two scripts are used:

(1) There are two identical contacts in the chat interface: when encrypted chat is enabled for a contact, two identical contacts appear in the chat list, as shown in the figure below, and the encrypted chat is marked with a lock icon.

(2) Unblocking the account with the assistance of friends: The scammer claims that the account is restricted by the official, and needs a friend to send a verification code to help unblock the account.

When you inadvertently send a chat screenshot containing a login verification code to the other party, if the account does not have two-step verification enabled, the scammer can directly log in to your account through the verification code. The scammer then wipes all devices, changes the password, and proceeds to scam other people in the address book.

🧊Scam SMS impersonating Telegram officials

The fraudulent SMS pretends to come from Telegram officials, claiming that the user's TG account has violated the account usage rules and will be restricted, and that the user needs to log in to a website to lift the restriction. If the user accidentally clicks on the link, the account can be stolen.

🧊Third-party programs with backdoors

Since Telegram does not have a Chinese installation package, ordinary users usually use third-party search engines to find a Chinese installer. Scammers therefore use SEO to drive traffic to their own "Telegram Chinese version" download websites, inducing users to download the top-ranked applications.

In the following case, the user downloads a Chinese version of the client from http://www.telegram-china.org (currently invalid), and then sends a TRX wallet address through that client:

[Figure: Beosin test results]

After closing the software and reopening it, the wallet address is found to have been replaced with another address.

[Figure: Beosin test results]

🧊Malicious Telegram Chinese language pack

Analysis by security personnel found that the language pack file is a downloader: once run, it downloads various modules and tries to evade detection by security software. In addition, the sample uses methods such as detecting mouse movement to evade sandbox analysis.

Foreign security researchers have discovered that criminal organizations use Telegram bots to steal users' OTP tokens and SMS verification codes in order to complete 2FA (two-factor authentication). Attackers use Telegram bots to obtain account information, including by calling victims, impersonating banks and legitimate services, and more. Through social engineering, attackers also trick people into handing over OTPs or other verification codes via their mobile devices, which the crooks then use to defraud users of funds, passwords, session cookies, login credentials, and credit card details from their accounts.

🧊 "Cryptocurrency Investing" Scam

To participate, the scammers will ask you to open an account with their special cryptocurrency exchange. At that point, they'll show you a graph showing your investment is increasing, but when you try to withdraw your earnings, the scammer disappears along with your account.

To use Telegram safely and avoid theft and loss of funds, we offer the following suggestions for reference.

🧊Enable two-step verification

Open Settings > Privacy and Security > Two-Step Verification to set it up. It is recommended to set a secure recovery email in the next step, so that if you forget the two-step verification password you can reset it through that email.

Check your own software download path. If it is an installation package downloaded by web search, it is recommended to uninstall it directly and then go to the official website to reinstall it. Third-party clients have the ability to obtain and control your account, read all your chat records, and collect identifiable information about your device. For security reasons, be sure to download and use the software through Telegram's official website.

Use the Telegram bot service with caution and do not reveal personal data, including name, username, mobile number, email address, password data or any information that could be used to identify you.

Do not readily trust private chats from strangers, and stay vigilant to avoid financial loss or stolen information. If you are harassed, you can block the sender. Do not open unfamiliar files or click unfamiliar links that you receive.

After sending a wallet address, confirm it with the other party multiple times. Alternatively, send the wallet address as a screenshot of the wallet's QR code, so that the other party obtains the address by scanning the code.
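An added example (not from the original article or from Beosin) for the address-replacement case and the confirmation advice above: it checks a TRON (TRX) address with Base58Check and compares the address you intended to send with the one the recipient reads back over a second channel. The function names and the sample account bytes are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of SHA-256(SHA-256(payload))
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(raw: bytes) -> str:
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    pad = len(text) - len(text.lstrip("1"))
    return b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def make_address(account20: bytes) -> str:
    # TRON address = Base58Check(0x41 prefix + 20-byte account id)
    payload = b"\x41" + account20
    return b58encode(payload + _checksum(payload))

def parse_address(text: str) -> bytes:
    """Return the 20-byte account id, or raise ValueError if malformed."""
    raw = b58decode(text.strip())
    payload, check = raw[:-4], raw[-4:]
    if len(raw) != 25 or payload[0] != 0x41 or _checksum(payload) != check:
        raise ValueError("not a valid TRON address")
    return payload[1:]

def verify_delivery(intended: str, read_back: str) -> str:
    """Compare what you meant to send with what the recipient reports."""
    want = parse_address(intended)
    try:
        got = parse_address(read_back)
    except ValueError:
        return "MALFORMED"   # typo or truncation: the checksum catches it
    # A swapped address is itself well-formed, so only comparison catches it.
    return "MATCH" if got == want else "REPLACED"

# Constructed sample addresses (not real wallets)
MINE = make_address(bytes(range(1, 21)))
SWAPPED = make_address(bytes(range(21, 41)))

if __name__ == "__main__":
    print(MINE, verify_delivery(MINE, SWAPPED))
```

The checksum only detects accidental corruption; a client that substitutes the address produces a perfectly valid one, which is why the read-back must come through a channel the suspect client does not control.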

Regularly check the login status of your devices and their IPs, and force any device or IP with an abnormal login offline.

Telegram only has Contacts; there is no such thing as "friends". Adding and deleting contacts is a one-way operation: adding or deleting a contact does not add you to, or remove you from, the other party's contact list. Note that when adding a contact, you should uncheck Share My Phone Number, because this option is checked by default.

In Settings > Privacy and Security, choose settings that hide your mobile phone number, online status, avatar, forwarded messages, etc.; set the account so that non-friends cannot pull you into unfamiliar groups, to reduce the probability of being cheated; and do not use the People Nearby function on Telegram.

Beosin Official Website Launches Safety Verification Function

At the same time, in order to prevent "impersonation" fraud on platforms such as Telegram and Twitter, Beosin's official website has now launched a security verification function.

Customers can enter the business card information of the Beosin employee who contacted them, and if it is verified, it's safe.

If it does not pass, you may have met a scammer pretending to be a Beosin employee, so please be careful.

Beosin is a world-leading blockchain security company with branches in more than 10 countries and regions around the world. Its business covers "one-stop" blockchain security products + services such as code security audits before project launch; security risk monitoring, early warning and blocking during project operation; recovery of stolen virtual currency assets; and security compliance KYT/AML. It has provided security technology services for more than 2,000 blockchain companies around the world, audited more than 3,000 smart contracts, and protected client assets worth more than 500 billion US dollars.
