Telegram scammers exploit new malware tactics

Unlike traditional phishing, these scams use fake verification bots in bogus trading and airdrop groups to trick users into downloading harmful software.

Crypto scammers have increasingly turned to Telegram malware scams, with reports revealing a staggering 2,000% rise in such incidents since November. Unlike traditional phishing scams, these schemes involve fake verification bots within bogus trading, airdrop, and alpha groups, tricking users into downloading malware. Once installed, the malware allows attackers to steal passwords, crypto wallet keys, and browser data.

Security experts have noted this shift as scammers adapt to user awareness of phishing links. Malware tactics, such as fake Cloudflare verification pages and copied text injection, now dominate the landscape. Security firm Scam Sniffer highlighted that these scams target legitimate communities and rely on sophisticated social engineering to lure victims.

The consequences are severe yet difficult to measure, with $2.3 billion stolen in 2024 across 165 incidents, according to Cyvers. Whilst losses in December were lower than usual, scammers continue to evolve their methods, making these attacks increasingly challenging to counter.