Cyberpolice warns of attempted theft of Telegram accounts
Cyberpolice of Ukraine warns of new targeted attacks in Telegram. Attackers distribute messages asking them to verify their account or perform other actions in Telegram via a link that leads to a fake website of the service. In this way, fraudsters gain access to the account and can intercept one-time code from SMS. As a result, attackers steal session data, contact list and correspondence history.
Cyberpolice blocked the hosting from which the attacks were carried out. However, fraudsters are beginning to use Russian hosting. Experts urge to be careful and not to follow suspicious links.
Cyberpolice also advises setting an additional password for two-factor authentication in Telegram, along with an SMS code. Additionally, you must end all sessions on the service, except the current one. You can do this in the settings.
If someone receives a suspicious message, they can contact cyberpolice of Ukraine so that specialists immediately block the harmful resource.
Cyberpolice provides indicators of compromise, which can be used to distinguish fake links:
hxxps://telegram.org.security[.]ohsxy[.]com/?access=true&check=
security-check.telegram.org.ohsxy[.]com
telegram.org.security.ohsxy[.]com
ohsxy[.]com
telsec[.]org
45[.]150.67.87
193[.]106.191.202