Hackers Aimed to Steal Telegram Accounts

Ukrainian Computer Emergency Response Team CERT-UA is a team that operates under SSSCIP (State Service of Special Communication and Information Protection of Ukraine) and the Cyber Police of Ukraine.

On Tuesday, they announced that cybercriminals are sending malicious telegram links to people. Once the user clicks this link, cybercriminals gain unauthorized access to the telegram accounts which are also capable of stealing One-time codes from SMS.

Along with these, they also gain access to contacts, history of telegram sessions, and much more.

Ukrainian Cyber security actors have blocked the hosting which was used for this attack. However, the attackers are moving to Russian hosts to continue their attack vector.

Ukraine CIP has warned all telegram users not to follow any suspicious links. Setting up an additional password for double authentication is advised. Ending other sessions in telegram except the one in progress can help to reduce this attack vector.


Indicators of Compromise

hxxps: //telegram.org.security [.] ohsxy.com/?access=true&check=
security-check.telegram.org.ohsxy [.] com
telegram.org.security.ohsxy [.] com
ohsxy [.] com
telsec [.] org
45 [.] 150.67.87
193 [.] 106.191.202

Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.