Kaspersky Global Research and Analysis Team (GReAT) recently uncovered a global campaign in which attackers used Telegram to deliver Trojan spyware, targeting individuals and businesses in the fintech and trading industries. The Trojan spyware steals sensitive data and takes control of users’ devices for espionage purposes.
The campaign is suspected to be connected to DeathStalker, an infamous hack-for-hire APT (Advanced Persistent Threat) actor offering specialized hacking and financial intelligence services.
Threat actors attempted to infect victims with DarkMe malware – a remote access Trojan (RAT), designed to steal information and execute remote commands from a server controlled by the perpetrators. They appear to have targeted victims in the trading and fintech sectors, as technical indicators suggest the malware was likely distributed via Telegram channels focused on these topics. From its investigation, Kaspersky has identified victims in over 20 countries across Europe, Asia, Latin America, and the Middle East.
Attackers were most likely attaching malicious archives to posts on Telegram channels. The archives contained harmful files with extensions like .LNK, .com, and .cmd. When launched by victims, these files lead to the installation of the final-stage malware, DarkMe.
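As an added illustration (not Kaspersky's code), the sketch below lists the members of a downloaded ZIP archive without extracting them and flags any whose extension is one of those named above. The decoy-extension list, the double-extension check and the sample file names are assumptions made for the example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions the article names as used inside the malicious archives.
RISKY_EXTENSIONS = {".lnk", ".com", ".cmd"}
# Assumption (not from the article): document-like extensions that make a
# double extension such as "report.pdf.lnk" look harmless at a glance.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def triage_archive(data: bytes) -> list[dict]:
    """Return one finding per archive member whose extension is risky.

    Only the archive's directory is read; no member is extracted or run.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots and spaces from file names,
            # so strip them before looking at the extension.
            name = info.filename.replace("\\", "/").rstrip(". ")
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if not suffixes or suffixes[-1] not in RISKY_EXTENSIONS:
                continue
            findings.append({
                "member": info.filename,
                "extension": suffixes[-1],
                "double_extension": len(suffixes) > 1
                and suffixes[-2] in DECOY_EXTENSIONS,
            })
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample: harmless placeholder bytes under made-up names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("signals/Q3-report.pdf.LNK", b"placeholder")
        zf.writestr("signals/update.cmd", b"placeholder")
        zf.writestr("signals/readme.txt", b"placeholder")
        zf.writestr("viewer.COM ", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_archive(build_sample_archive()):
        print(finding)
```
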
“While we typically advise vigilance against suspicious emails and links, this campaign highlights the need for caution when dealing even with instant messaging apps like Skype and Telegram,” shared Maher Yamout, Lead Security Researcher from GReAT.
For personal security, Kaspersky recommends the following measures:
- Install a trusted security solution and follow its recommendations. Secure solutions will then solve most problems automatically and alert you if necessary.
- Stay informed about new cyberattack techniques so you can recognize and avoid them. Security blogs help you keep track of brand-new threats.
To safeguard against advanced threats, Kaspersky security experts recommend that organizations:
- Provide your InfoSec professionals with in-depth visibility into cyberthreats targeting your organization. The latest Kaspersky Threat Intelligence will supply them with rich and meaningful context across the entire incident management cycle and help to identify cyber risks in time.
- Invest in additional cybersecurity courses for your staff to keep them up to date with the latest knowledge. With practically-oriented Kaspersky Expert training, InfoSec professionals can advance their hard skills and be able to defend their companies against sophisticated attacks. You can choose the most appropriate format and follow either self-guided, online courses or trainer-led live courses.
- To protect the company against a wide range of threats, use solutions from Kaspersky Next product line providing real-time protection, threat visibility, investigation, and response capabilities of EDR and XDR for organizations of any size and industry. Depending on your current needs and available resources, you can choose the most relevant product tier and easily migrate to another one when needed.