Telegram Mini Apps Exploited for Crypto Scams and Malware Delivery
A widespread fraud campaign is abusing Telegram's Mini App feature to impersonate brands, run crypto scams, and distribute Android malware.
Researchers have identified a large-scale fraud campaign that exploits the Telegram Mini App feature to conduct crypto scams and distribute Android malware. Attackers are leveraging the platform's ease of use to impersonate well-known brands and lure users into interacting with malicious applications [BleepingComputer].
The campaign primarily targets Android users, using the Mini Apps to deliver malware that can compromise device security, steal sensitive information, or facilitate fraudulent financial transactions. By masquerading as legitimate services, the attackers trick users into granting permissions or downloading malicious payloads, often under the guise of crypto-related rewards or services.
Users are advised to exercise extreme caution when interacting with Mini Apps on Telegram, especially those promising financial gains or requiring external downloads. It is recommended to verify the legitimacy of any service before granting permissions and to ensure that Android devices are protected by reputable security software. Telegram has been notified of the abuse, and users should report suspicious apps through the platform's reporting mechanisms.