Kaspersky Global Research has brought to light a sophisticated global cybercrime campaign spearheaded by attackers utilizing Telegram as a conduit to disseminate Trojan spyware. This insidious operation, linked to the notorious hack-for-hire Advanced Persistent Threat (APT) group Deathstalker, specifically targets individuals and corporations within the financial technology (fintech) and trading sectors. The cybercriminals deploy Telegram channels to spread DarkMe, a remote access Trojan (RAT) capable of pilfering sensitive data, including passwords, and executing commands remotely from a server controlled by the malefactors.
The Technique
Malicious File Distribution
Kaspersky Global Research has uncovered a sophisticated global cybercrime campaign. Attackers are leveraging Telegram as a medium to spread Trojan spyware, according to the research. This nefarious operation is linked to the well-known hack-for-hire Advanced Persistent Threat (APT) group, Deathstalker. Their targets are individuals and corporations, particularly in the financial technology (fintech) and trading sectors. The cybercriminals utilize Telegram channels to disseminate DarkMe, a remote access Trojan (RAT). This RAT can steal sensitive data, such as passwords, and execute commands remotely from a server controlled by these malicious actors.
The operation’s complexity and global scale highlight the evolving nature of cyber threats, especially those associated with financial contexts. The use of Telegram by cybercriminals underscores the need for vigilance and advanced security measures in communication platforms. This discovery serves as a stark reminder of the importance of cybersecurity, particularly for industries that handle significant financial transactions or sensitive trading information.