Scammers are using Telegram channels dedicated to finance and trading to distribute DarkMe malware, which steals user information.
Hackers add archives containing malicious files with .lnk, .com, and .cmd extensions to Telegram posts. Once a user opens them, the DarkMe virus infects their device. With its help, attackers can remotely control the victim's device and steal personal data.
Kaspersky Lab specialists noted that downloading files from applications like Telegram may be perceived by users as a less risky action than downloading from the Internet. But this is not the case.
Previously, a new scam scheme appeared in Telegram under the guise of "security tips". Users receive notifications that their account may be blocked due to suspicious activity. The notification contains a link allegedly to a "system center" that needs to be followed.
Hackers have also learned to send viruses disguised as photos in Telegram. Attackers send a file with the .apk extension and ask a tricky question: "Is this you in the photo?" When a person downloads the image to view it, a malicious program enters their device.
Read more on the topic:
Scammers are again looking for easy money: a new way to deceive has been invented in Telegram
They took up Telegram: scammers came up with a new scheme for stealing accounts in the messenger
Scammers have become active again: Roskachestvo warned about a new way of deception in Telegram