Telegram: The Dark Supply Chain of Cybercrime

eleg 2024-02-10 118

Summary: One such malicious Telegram bot is Telekopye (aka Classiscam), which can craft fraudulent web pages, emails, SMS messages to help threat actors pull off large-scale phishing scams...

Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230.

"This messaging app has transformed into a bustling hub where seasoned cybercriminals and newcomers alike exchange illicit tools and insights creating a dark and well-oiled supply chain of tools and victims' data," Guardio Labs researchers Oleg Zaytsev and Nati Tal said in a new report.

"Free samples, tutorials, kits, even hackers-for-hire -- everything needed to construct a complete end-to-end malicious campaign."

This is not the first time the popular messaging platform has come under the radar for facilitating malicious activities, which are in part driven by its lenient moderation efforts.

As a result, what used to be available only on invite-only forums in the dark web is now readily accessible via public channels and groups, thereby opening the doors of cybercrime to aspiring and inexperienced cyber criminals.

In April 2023, Kaspersky revealed how phishers create Telegram channels to educate newbies about phishing as well as advertise bots that can automate the process of creating phishing pages for harvesting sensitive information such as login credentials.

One such malicious Telegram bot is Telekopye (aka Classiscam), which can craft fraudulent web pages, emails, SMS messages to help threat actors pull off large-scale phishing scams.

Guardio said the building blocks to construct a phishing campaign can be readily purchased off Telegram – "some offered at very low prices, and some even for free" – thereby making it possible to set up scam pages via a phishing kit, host the page on a compromised WordPress website via a web shell, and leverage a backdoor mailer to send the email messages.

Backdoor mailers, marketed on various Telegram groups, are PHP scripts injected into already infected-but-legitimate websites to send convincing emails using the legitimate domain of the exploited website to bypass spam filters.

"This situation highlights a dual responsibility for site owners," the researchers said. "They must safeguard not only their business interests but also protect against their platforms being used by scammers for hosting phishing operations, sending deceptive emails, and conducting other illicit activities, all unbeknownst to them."
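The backdoor mailer described above is a PHP file planted somewhere in an already compromised site, which is why the report puts part of the burden on site owners. As an added defender-side example (not code from the Guardio report), the following Python scan walks a WordPress document root and flags PHP files that either sit under wp-content/uploads, where PHP should never be present, or combine a mail-sending call with obfuscation or dynamic-execution primitives; the heuristics, paths and the constructed sample tree are assumptions of this example.

```python
import re
import tempfile
from pathlib import Path

# Heuristic indicators (assumptions for this example, tune per site):
# a mail-sending primitive next to obfuscation/dynamic execution is a
# common shape for injected mailer scripts; legitimate core files use
# PHPMailer without eval()/base64_decode() wrappers.
MAIL_RE = re.compile(r"\b(mail|mb_send_mail)\s*\(|PHPMailer", re.I)
OBFUSCATION_RE = re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)
NO_PHP_DIRS = ("wp-content/uploads",)  # PHP here is never legitimate


def classify_php_file(path: Path, root: Path) -> list[str]:
    """Return the list of reasons a PHP file looks like an injected mailer."""
    rel = path.relative_to(root).as_posix()
    text = path.read_text(errors="ignore")
    reasons = []
    if any(rel.startswith(d + "/") for d in NO_PHP_DIRS):
        reasons.append("php under uploads dir")
    if MAIL_RE.search(text) and OBFUSCATION_RE.search(text):
        reasons.append("mail + obfuscation")
    return reasons


def scan_webroot(root) -> dict[str, list[str]]:
    """Map each suspicious PHP file (relative path) to its reasons."""
    root = Path(root)
    findings = {}
    for path in root.rglob("*.php"):
        reasons = classify_php_file(path, root)
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings


def build_sample_webroot() -> Path:
    """Constructed miniature WordPress tree for offline demonstration."""
    root = Path(tempfile.mkdtemp())
    files = {
        "wp-config.php": "<?php define('DB_NAME', 'wp');\n",
        # core-like file: sends mail but without obfuscation -> not flagged
        "wp-includes/pluggable.php": "<?php $phpmailer = new PHPMailer();\n",
        # constructed suspicious sample: PHP in uploads, mail + base64_decode
        "wp-content/uploads/2024/02/cache.php":
            "<?php $b = base64_decode($d); mail($to, $s, $b);\n",
    }
    for rel, content in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(content)
    return root
```

Run `scan_webroot("/var/www/html")` against a real document root; a clean install should produce an empty dict, and anything listed deserves a manual look and a comparison against a known-good copy of the file.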

To further increase the likelihood of success of such campaigns, digital marketplaces on Telegram also provide what's known as "letters," which are "expertly designed, branded templates" that make the email messages appear as authentic as possible to trick the victims into clicking on the bogus link pointing to the scam page.

Telegram is also host to bulk datasets containing valid and relevant email addresses and phone numbers to target. Referred to as "leads," they are sometimes "enriched" with personal information such as names and physical addresses to maximize the impact.

"These leads can be incredibly specific, tailored for any region, niche, demographic, specific company customers, and more," the researchers said. "Every piece of personal information adds to the effectiveness and credibility of these attacks."

The way these lead lists are prepared can vary from seller to seller. They can be procured either from cybercrime forums that sell data stolen from breached companies or through sketchy websites that urge visitors to complete a fake survey in order to win prizes.

Another crucial component of these phishing campaigns is a means to monetize the collected stolen credentials by selling them to other criminal groups in the form of "logs," netting the threat actors a 10-fold return on their investment based on the number of victims who end up providing valid details on the scam page.

"Social media account credentials are sold for as little as a dollar, while banking accounts and credit cards could be sold for hundreds of dollars — depending on their validity and funds," the researchers said.

"Unfortunately, with just a small investment, anyone can start a significant phishing operation, regardless of prior knowledge or connections in the criminal underworld."