Kaspersky warns of phishing threats targeting Telegram Premium

Kaspersky has warned that fake Telegram Premium offers have been spreading globally, targeting users with phishing scams and malware disguised as alternative app versions. These attacks aim to steal account credentials or compromise devices. The scams capitalize on Telegram Premium’s popularity and gifting feature, making it crucial for users to remain vigilant.
Telegram Premium is a subscription that offers exclusive features, such as faster download speeds, voice-to-text conversion, premium stickers, an ad-free experience, and more. Users can gift a subscription, and scammers capitalize on this gifting feature and the Telegram Premium topic in general.
During the upcoming holiday season, when gifts are expected and celebrations start, it’s crucial to remain cautious to avoid falling into traps like these.
One of the tricks begins when a user receives a message that appears to come from someone in their contact list, whose account may have been hacked. The message claims: “You’ve been sent a gift — a Telegram Premium subscription”. Below, there’s a link that looks legitimate but actually redirects the user to a phishing page, prompting them to log in to Telegram. If victims scan the code or enter their credentials, their account is immediately compromised, giving scammers access to their login details, password, and potentially their authentication code.
There are other tricks referencing the Telegram Premium theme, and not all of them necessarily start with messages on Telegram. Attackers may also use other methods to send phishing links, for example, email.
For instance, perpetrators host fake “giveaways” for Telegram Premium subscriptions. Victims are lured into participating, and in a series of steps, they are directed to a phishing site where they are prompted to enter their Telegram account credentials, ultimately resulting in their account being compromised.

Example of a phishing giveaway exploiting the Telegram Premium topic
Another machination involves cybercriminals sending victims an invitation to download a ZIP archive that claims to contain a version of the messenger service with a “Premium” subscription. The download link redirects users to a phishing page where they are once again asked to log in to Telegram.

Example of phishing disguised as a Telegram Premium offer
Yet another fraud involves distributing malicious software disguised as an alternative version of the Telegram app with a “built-in” Premium subscription. Scammers send victims links to download APK files claiming they are modified versions of the app, but they turn out to be malware.

Example of a page distributing malware disguised as a Telegram app with a Premium subscription
“Phishing schemes capitalizing on the Telegram Premium topic has been observed in several languages, suggesting that the perpetrators operate globally. Even if these scams haven’t yet reached a specific region, there is a probability they could eventually make their way there. Therefore, during the holiday season, it’s especially important to remain cautious and skeptical of offers that seem too good to be true. Additionally, make sure your Telegram security and privacy settings are up to date, and your device has a robust security solution,” advises Olga Svistunova, security expert at Kaspersky.
Scammers continuously evolve their tactics, and new hoaxes can emerge daily. To protect yourself from these threats, consider the following tips from Kaspersky experts:
· Check Kaspersky’s guide for Telegram security and privacy tips.
· Double-check links – including the actual addresses embedded in hyperlinks. In some cases, Kaspersky has seen seemingly legitimate hyperlinks, like https://t.me/premium, having another address behind these letters – that redirect to entirely different phishing pages. Hold the mouse cursor over the link to check actual link.
· Verify links from contacts – if a gift link seems suspicious, confirm with the sender via an alternative communication channel.
· Purchase subscriptions through official channels. For instance, Telegram offers a special bot for purchasing Premium subscriptions.
· Enable two-factor authentication (2FA). This can be the last line of defense, even if the account credentials have been compromised. 2FA tokens can be conveniently stored in a Kaspersky Password Manager.
· Explore other methods cybercriminals use to steal Telegram accounts. Understanding these scams before they occur is crucial for improving cyber hygiene and staying aware of potential threats.
· Avoid downloading unofficial app versions. Kaspersky recommends sticking to official applications, as unofficial ones may be loaded with various types of malware.

Exit mobile version