A newly documented phishing campaign abuses Telegram's own login flow to take over accounts. Rather than stealing a password, it tricks the victim into approving a genuine login request that the attacker initiated, so the attacker ends up holding a session that Telegram itself issued through its legitimate security mechanism.
Innovative Attack Methods
Unlike conventional phishing that clones a login page to capture a password, this scheme rides on Telegram's real authentication procedure. Because the session is issued by Telegram in response to the victim's own approval, there is no stolen credential to detect: the attacker obtains a full, working session without the obvious red flags that a credential-harvesting page leaves behind.
The approach keeps suspicion low by imitating routine security checks and verification steps. Victims see fake login prompts that offer both QR-code scanning and manual phone-number entry, hosted on short-lived domains styled to look like Telegram.
How the Phishing Campaign Operates
When a user interacts with one of these fraudulent interfaces, the action completes a genuine login request that the attacker's device initiated; the user is, in effect, approving the attacker's login as if it were their own. Cyfirma analysts identified the method and noted that using Telegram's real prompts increases victim compliance while masking the malicious activity.
Once the user approves the request, believing they are verifying their own identity, the attacker's device holds an authorized session on the account. From there the attacker can read the victim's conversations and pivot to their contacts, all without raising the alerts that a conventional credential theft would trigger.
Technical Sophistication and Evasion Tactics
The campaign's technical sophistication shows in its use of dynamic backend configuration to evade detection. Instead of embedding the phishing logic in the page's HTML, where a scanner could see it, the site fetches its instructions at runtime from a central server through cross-origin API requests.
That configuration supplies attacker-controlled Telegram API credentials (the api_id and api_hash pair that every Telegram client application registers with) and localized text, so the same kit can authenticate consistently against many targets and be re-skinned per region. The phishing pages also display fake system messages that urge the user to approve the request inside the trusted Telegram app, where the prompt looks entirely legitimate.
To defend against this, users should treat in-app authorization prompts with caution: approve a login request only if you initiated it yourself on a device you control, never scan a QR code presented by an unfamiliar site, and periodically review the active sessions listed in Telegram's settings, terminating any you do not recognise. Enabling Two-Step Verification adds an important layer, because the new device must also supply the secondary (cloud) password before a session is created, even if the initial prompt was approved by mistake.
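To make the sequence concrete, here is a constructed Python model of a QR login-token relay of the kind described above, together with the Two-Step Verification check recommended in the previous paragraph. It is an added example written for this page, not Telegram's, Cyfirma's or the campaign's code: the server behaviour is simplified, and the class and function names, device names, phone number and password are assumptions. Only the `tg://login?token=` deep-link format follows Telegram's published QR-login documentation.

```python
# Constructed model of a QR login-token relay (tg://login?token=...).
# Illustration written for this page, not Telegram's code; the server
# behaviour is simplified and all names below are the author's assumptions.
import base64
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

DEEP_LINK_PREFIX = "tg://login?token="


@dataclass
class Account:
    phone: str
    two_step_password: Optional[str] = None        # None = Two-Step Verification off
    sessions: List[str] = field(default_factory=list)  # devices holding a session


class LoginServer:
    """Stand-in for the server side of a login-token flow."""

    def __init__(self) -> None:
        # token -> {"device": requesting device, "account": approving account or None}
        self.pending: Dict[bytes, dict] = {}

    def export_login_token(self, device: str) -> bytes:
        """Step 1: the device that wants a session (the attacker's) requests a token.
        No account is involved yet; anyone can call this."""
        token = secrets.token_bytes(16)
        self.pending[token] = {"device": device, "account": None}
        return token

    @staticmethod
    def qr_payload(token: bytes) -> str:
        """Step 1b: what the requesting device renders as a QR code."""
        return DEEP_LINK_PREFIX + base64.urlsafe_b64encode(token).rstrip(b"=").decode()

    @staticmethod
    def token_from_payload(payload: str) -> bytes:
        """Parse a scanned QR payload back into a token; rejects non-login links."""
        if not payload.startswith(DEEP_LINK_PREFIX):
            raise ValueError("not a login deep link")
        enc = payload[len(DEEP_LINK_PREFIX):]
        return base64.urlsafe_b64decode(enc + "=" * (-len(enc) % 4))

    def accept_login_token(self, approver: Account, token: bytes) -> str:
        """Step 2: an already logged-in app scans the QR and approves the token.
        The approver does not choose which device gets the session; whoever
        exported the token does. Returns the requesting device's name."""
        entry = self.pending[token]
        entry["account"] = approver
        return entry["device"]

    def poll_login_token(self, token: bytes, password: Optional[str] = None) -> str:
        """Step 3: the requesting device polls for the result. With 2SV on, the
        cloud password is still required before a session is issued."""
        entry = self.pending[token]
        acct = entry["account"]
        if acct is None:
            return "pending"
        if acct.two_step_password is not None and password != acct.two_step_password:
            return "SESSION_PASSWORD_NEEDED"
        acct.sessions.append(entry["device"])
        del self.pending[token]
        return "authorized"


def run_phishing_scenario(two_step_enabled: bool) -> dict:
    """Attacker exports a token, shows its QR on a lookalike page, victim scans it."""
    server = LoginServer()
    victim = Account(phone="+10000000000",
                     two_step_password="correct horse" if two_step_enabled else None)

    # Attacker side: a real login request from the attacker's own device.
    token = server.export_login_token(device="attacker-desktop")
    phishing_page_qr = LoginServer.qr_payload(token)

    # Victim side: the in-app scanner decodes the QR and approves the login.
    scanned = LoginServer.token_from_payload(phishing_page_qr)
    server.accept_login_token(victim, scanned)

    # Attacker side: poll for the session. The attacker knows no cloud password.
    status = server.poll_login_token(token, password=None)
    return {"status": status, "victim_sessions": list(victim.sessions)}


if __name__ == "__main__":
    for enabled in (False, True):
        label = "2SV enabled " if enabled else "2SV disabled"
        print(label, run_phishing_scenario(enabled))
```

Without Two-Step Verification the victim's approval alone yields an authorized session for `attacker-desktop`; with it enabled the poll stops at `SESSION_PASSWORD_NEEDED` and no session is created. The `token_from_payload` check also shows the kind of inspection a cautious user performs implicitly: a QR code whose payload is a login deep link is a request to authorize some other device, not a verification of your own.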
