Ukrainians warned about a new hacker attack on Telegram

A Twitter user known to the community as Molfar has warned Ukrainians against phishing attacks on the Telegram messenger. Those who click on dubious links that are currently being sent out en masse in chats may become victims of the attackers.

How it works: Telegram users' accounts are hacked and links to phishing sites are sent on their behalf. Usually, the message says something like «I'm participating in a contest, please vote for me.»

How the hacking takes place: a person logs in to Telegram, and at this point, their personal data is «merged» to a third-party subdomain. If the user has two-factor verification, the phishing site directs the victim to the next subdomain, where questions «to verify the user» are listed in Russian. If the hack is successful, the attackers will have full access to the Telegram account, to all correspondence, including media files.

Molfar emphasizes that the primary malicious link is posted on the konkurs-golos domain [.]ltd. The domain data is hidden, and the payment for its operation was made only two weeks ago

The enthusiast was also able to find an extraneous code snippet in the messenger code that was added to the original.

Earlier, fact-checkers from Detector Media and Raccoon Notes reported another hacker attack. The media outlets found a bot that finds hidden data and photos of Telegram users and writes manipulative messages. It is noteworthy that the malicious spam resembles a kind of «happiness letter»: after the account is hacked, a message about the bot is sent to five of the user’s friends in personal dialogs on behalf of the user.