- Registrado
- 17 Feb 2007
- Mensajes
- 678
- Puntuación de reacción
- 1.026
- Puntos
- 93
Phishing, be careful!
Lately there has been a new wave of beautiful, high-quality phishing aimed at high-profile targets. They catch federal officials, big businessmen and other wealthy people - and then switch to their contact list.
So, imagine that a good friend adds you to a group and writes:
539a24be62552b886a8cd.jpg
The text leading to the link can be anything: for example, a person embarrassedly explains that his colleagues arranged a stupid vote and he could not refuse. The main thing is that the messages are very lively and personal. If in normal correspondence the interlocutor abuses emoji or puts a space before a comma (sick bastard), then the author’s style will remain the same here. To dispel doubts, you click on his avatar and you will be taken to his profile, where the correct username, phone number and link to the real correspondence history are indicated. What's the catch? The fact is that he himself recently fell for this trick.
But the mutual friends you see in the same group are no longer real. These are bots that wear their faces and names and frame the whole situation in such a way that it would be awkward for you not to support your friend.
5ba7426d08a8cdec075ff.jpg
reflections, grimacing, break free
bb0e131d2802c2e78a380.jpg
all your friends are dead
In the end, you decide to help and follow the link. A quite decent website opens (in this example, the scammers saved on the design, but usually the landing page does not raise any questions).
Just a little bit of help is needed, and sometimes our voice is even decisive!
and the demand is quite reasonable..
and here we say goodbye to the cart
What happens next is a matter of technique. Attackers automatically download all conversations, parse messages into seed phrases and passwords, and most importantly, analyze your interlocutors and your communication style in order to use it for subsequent attacks on the most interesting people from your contact list. Probably, one of these days they will add the generation of circles and voices based on those obtained from correspondence - and a considerable percentage of penetration will increase several times more.
And what will happen, mentioned in the epigraph? Yes, there is one like that. Recently, a vulnerability was found in the Telegram Desktop client for Windows that allows you to remotely execute code on a PC without any action on your part, the so-called. zero-click vulnerability. The bug is hidden in the processing of media content, so if the client’s settings are set to “automatic media loading” (and everyone has it), then just go to the channel or chat with the poisoned video. It’s clear that you have a top-end black MacBook, but what about your chief accountant? Same thing. Let him go to settings, “Advanced”, “Automatic media loading” and disable everything there and everywhere - it will be better.
But this bug will most likely be fixed in the near future (it’s even strange that it’s been around for four days now). But a person will remain vulnerable, so attacks along the vector of social engineering will only increase. Two-factor does not help in such cases, because the person himself enters the password on the phishing site. And if he doesn’t enter it, then his favorite password iloveyou, invented when registering mail on mail.ru in 2004, is already known to a little more than everyone. All that remains is to use AI to spread personalized attacks to the mass segment - and the living will envy the dead.
In short, the average person cannot be saved (the only consolation is that he has nothing much to lose). But for those for whom the damage from a leak of business correspondence may be critical, it makes sense to think about protecting weak points. Not to mention the fact that many people keep their entire personal life in a cart, from account passwords to intimate photos. Imagine what rich opportunities for blackmail will open up if all this ends up in the wrong hands:
will the partners understand?..
To summarize, let me remind you of the basic commandments of Telegram security: separate your work and personal accounts, come up with unique 2FA passwords for them, never enter these passwords in the browser and do not forget to set auto-delete for chats with critical information.
And right now, go to “Settings” => “Security” => “Active Sessions” (or “Settings” => “Devices” on your phone) and take a close look at the listed devices. Is this session from Rotterdam, Netherlands definitely yours?
Lately there has been a new wave of beautiful, high-quality phishing aimed at high-profile targets. They catch federal officials, big businessmen and other wealthy people - and then switch to their contact list.
So, imagine that a good friend adds you to a group and writes:
539a24be62552b886a8cd.jpg
The text leading to the link can be anything: for example, a person embarrassedly explains that his colleagues arranged a stupid vote and he could not refuse. The main thing is that the messages are very lively and personal. If in normal correspondence the interlocutor abuses emoji or puts a space before a comma (sick bastard), then the author’s style will remain the same here. To dispel doubts, you click on his avatar and you will be taken to his profile, where the correct username, phone number and link to the real correspondence history are indicated. What's the catch? The fact is that he himself recently fell for this trick.
But the mutual friends you see in the same group are no longer real. These are bots that wear their faces and names and frame the whole situation in such a way that it would be awkward for you not to support your friend.
5ba7426d08a8cdec075ff.jpg
reflections, grimacing, break free
bb0e131d2802c2e78a380.jpg
all your friends are dead
In the end, you decide to help and follow the link. A quite decent website opens (in this example, the scammers saved on the design, but usually the landing page does not raise any questions).
Just a little bit of help is needed, and sometimes our voice is even decisive!
and the demand is quite reasonable..
and here we say goodbye to the cart
What happens next is a matter of technique. Attackers automatically download all conversations, parse messages into seed phrases and passwords, and most importantly, analyze your interlocutors and your communication style in order to use it for subsequent attacks on the most interesting people from your contact list. Probably, one of these days they will add the generation of circles and voices based on those obtained from correspondence - and a considerable percentage of penetration will increase several times more.
And what will happen, mentioned in the epigraph? Yes, there is one like that. Recently, a vulnerability was found in the Telegram Desktop client for Windows that allows you to remotely execute code on a PC without any action on your part, the so-called. zero-click vulnerability. The bug is hidden in the processing of media content, so if the client’s settings are set to “automatic media loading” (and everyone has it), then just go to the channel or chat with the poisoned video. It’s clear that you have a top-end black MacBook, but what about your chief accountant? Same thing. Let him go to settings, “Advanced”, “Automatic media loading” and disable everything there and everywhere - it will be better.
But this bug will most likely be fixed in the near future (it’s even strange that it’s been around for four days now). But a person will remain vulnerable, so attacks along the vector of social engineering will only increase. Two-factor does not help in such cases, because the person himself enters the password on the phishing site. And if he doesn’t enter it, then his favorite password iloveyou, invented when registering mail on mail.ru in 2004, is already known to a little more than everyone. All that remains is to use AI to spread personalized attacks to the mass segment - and the living will envy the dead.
In short, the average person cannot be saved (the only consolation is that he has nothing much to lose). But for those for whom the damage from a leak of business correspondence may be critical, it makes sense to think about protecting weak points. Not to mention the fact that many people keep their entire personal life in a cart, from account passwords to intimate photos. Imagine what rich opportunities for blackmail will open up if all this ends up in the wrong hands:
will the partners understand?..
To summarize, let me remind you of the basic commandments of Telegram security: separate your work and personal accounts, come up with unique 2FA passwords for them, never enter these passwords in the browser and do not forget to set auto-delete for chats with critical information.
And right now, go to “Settings” => “Security” => “Active Sessions” (or “Settings” => “Devices” on your phone) and take a close look at the listed devices. Is this session from Rotterdam, Netherlands definitely yours?
Original message
Фишинг, будьте осторожны !
Последнее время в телеге идет новая волна красивого, качественного фишинга, направленного на high profile цели. Ловят федеральных чиновников, крупных бизнесменов и других небедных людей — а потом переключаются на их контакт-лист.
Итак, представьте, что хороший знакомый добавляет вас в группу и пишет:
Текст, подводящий к ссылке, может быть любым: например, человек смущенно поясняет, что коллеги устроили дурацкое голосование и он не мог отказаться. Главное, что сообщения очень живые и личные. Если в обычной переписке собеседник злоупотребляет emoji или ставит пробел перед запятой (больной ублюдок), то и здесь авторский стиль сохранится. Чтобы развеять сомнения, вы кликаете по его аватарке — и попадаете в профиль, где указаны правильный юзернейм, номер телефона и ссылка на реальную историю переписки. В чем же подвох? В том, что он сам недавно повелся на этот трюк.
А вот общие друзья, которых вы видите в той же группе, уже не настоящие. Это боты, которые носят их лица и имена и фреймят всю ситуацию так, чтобы вам было неудобно не поддержать товарища.
отражения кривляясь, вырываются на волю
все твои друзья мертвы
совсем чуть-чуть надо помочь, а иногда наш голос даже решающий!
да и требование вполне резонное..
и вот на этом месте мы прощаемся с телегой
Дальнейшее — дело техники. Злоумышленники автоматически скачивают все диалоги, парсят сообщения на сид-фразы и пароли, а главное — анализируют собеседников и ваш стиль общения, чтобы использовать его для последующих атак на самых интересных людей из списка контактов. Вероятно, на днях добавят генерацию кружочков и голосовух на основании добытых из переписки — и немалый процент пробива подрастет еще в несколько раз.
А что же сплоет, упомянутый в эпиграфе? Да, ходит и такой. На днях в клиенте Telegram Desktop под Windows нашли уязвимость, позволяющую удаленно выполнить код на PC вообще без каких-либо действий с вашей стороны, т.н. zero-click vulnerability. Баг прячется в обработке медиа-контента, поэтому если в настройках клиента стоит «автоматическая загрузка медиа» (а она стоит у всех), то достаточно зайти в канал или чат с отравленным видео. Понятно, что у вас-то топовый черный макбук, а у вашего главбуха? То-то же. Пусть зайдет в настройки, "Расширенные", "Автоматическая загрузка медиа" и отключит там все и везде - целее будет.
Но этот баг скорее всего исправят в ближайшее время (даже странно, что он уже четвертый день живет). А вот человек останется уязвимым, поэтому атаки по вектору социальной инженерии будут только нарастать. Двухфакторка в таких случаях не спасает, потому что человек сам вводит пароль на фишинговом сайте. А если и не вводит, то его любимый пароль iloveyou, придуманный при регистрации почты на mail.ru в 2004 году, известен уже чуть более чем всем. Осталось прикрутить AI, чтобы распространить персонализированные атаки на массовый сегмент — и живые позавидуют мертвым.
Короче, обывателя не спасти (утешает лишь то, что ему и терять особо нечего). А вот тем, для кого ущерб от утечки деловой переписки может оказаться критическим, имеет смысл подумать о защите слабых мест. Не говоря уже о том, что многие держат в телеге всю личную жизнь, начиная с паролей к счетам и заканчивая интимными фото. Представьте, какие откроются богатые возможности для шантажа, если всё это окажется в чужих руках:
поймут ли партнеры?..
Подводя итог, позволю себе напомнить основные заповеди телеграм-безопасности: разделяйте свои рабочие и личные аккаунты, придумайте для них уникальные пароли 2FA, никогда не вводите эти пароли в браузере и не забывайте ставить автоудаление на чаты с критической информацией.
А прямо сейчас зайдите в «Настройки» => «Безопасность» => «Активные сессии» (или «Settings» => «Devices» на телефоне) и внимательно присмотритесь к перечисленным устройствам. Вот эта сессия из Rotterdam, Netherlands — точно ваша?
Источник
Última edición por un moderador: