GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks
A new phishing campaign targeting the insurance and finance sectors uses GitHub, Telegram bots, and ASCII QR codes to deliver malware and evade security measures. The attack leverages GitHub links and trusted repositories to distribute Remcos RAT, with the payload delivered via phishing emails. Additional techniques such as blob URLs and QR code-based phishing add complexity to detection, while Telegram bots facilitate scams on platforms like Booking.com and Airbnb.
- GitHub Abuse: Phishing emails include GitHub links to trusted repositories to deliver malware, bypassing security filters.
- Remcos RAT: The campaign distributes Remcos RAT malware via Lua-based loaders that establish persistence and deliver further payloads.
- Malicious GitHub Comments: Attackers upload malicious payloads through GitHub comments and then delete the comment, leaving only the file link behind.
- New Techniques: ASCII QR codes and blob URLs are employed to evade detection and complicate phishing protection.
- Telekopye Telegram Toolkit: The toolkit, once focused on marketplace scams, now targets accommodation booking platforms with interactive phishing attacks.
- Law Enforcement Action: Cybercriminals behind the Telekopye toolkit were arrested in December 2023 by Czech and Ukrainian authorities.
These phishing strategies demonstrate the evolving tactics of cybercriminals in using trusted platforms to bypass security measures and reach unsuspecting victims.
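A defender-side check for the text-drawn QR codes mentioned above, as an added example that is not part of the original post. It assumes the code is drawn with Unicode block elements (U+2580 to U+259F) in the message body; the size thresholds and the sample message are constructed for illustration.

```python
import html
import re

# Assumption: the "pixels" are Unicode block elements such as the full block U+2588.
BLOCK = re.compile(r"[\u2580-\u259f]")
MIN_ROWS = 11  # 21 module rows packed two per text row with half blocks -> 11 rows
MIN_COLS = 21  # the smallest QR symbol (version 1) is 21 x 21 modules

def to_text(body: str) -> str:
    """Reduce an HTML body to text lines so entity-encoded blocks become visible."""
    body = re.sub(r"(?i)<br\s*/?>|</(?:p|div|tr|pre)>", "\n", body)
    return html.unescape(re.sub(r"<[^>]+>", "", body)).replace("\xa0", " ")

def is_block_row(line: str) -> bool:
    """True for a row with at least 3 blocks that is >= 90% blocks and spaces."""
    core = line.strip()
    blocks = len(BLOCK.findall(core))
    return blocks >= 3 and (blocks + core.count(" ")) / len(core) >= 0.9

def find_text_qr(body: str):
    """Return (first_line, rows, width) for each QR-sized run of block rows."""
    hits, start, width = [], None, 0
    lines = to_text(body).splitlines() + [""]  # sentinel closes a trailing run
    for i, line in enumerate(lines):
        if is_block_row(line):
            if start is None:
                start, width = i, 0
            width = max(width, len(line.strip()))
        elif start is not None:
            rows = i - start
            if rows >= MIN_ROWS and width >= MIN_COLS:
                hits.append((start, rows, width))
            start = None
    return hits

# Constructed sample: a 21x21 grid of blocks standing in for a QR symbol (not scannable).
ROWS = ["".join("\u2588" if (x * y + x + y) % 3 else " " for x in range(21))
        for y in range(21)]
SAMPLE = "Dear customer,\nScan to view your invoice:\n" + "\n".join(ROWS) + "\nRegards\n"

if __name__ == "__main__":
    print(find_text_qr(SAMPLE))
```

A hit means the body carries a QR-sized block of drawn characters that image-based QR scanning would not see, so the message can be routed for closer inspection.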