Fraudsters spread Mamont trojan via Telegram, putting payment data at risk

Fraudsters are using the Telegram messenger to distribute a dangerous trojan, disguised as a video file, which can compromise victims' payment data and personal information.

The malicious file, sent in the form of an '.apk' application, is often presented under the guise of a video purportedly showing the victim, Caliber.Az reports citing Russian media.

According to the directorate for the organization of the combating of illegal use of information and communication technologies under Russia’s Ministry of Internal Affairs, these attacks typically start with messages asking, "Is that you in the video?" The file name may also include the word “video,” but the file itself is a disguised malware with the '.apk' extension.

The malicious campaign targets various groups, including military personnel, by sending these files to unsuspecting users. Once opened, the infected file installs the Mamont trojan on the user's device, enabling attackers to access sensitive data such as SMS messages, photos, and push notifications. Furthermore, the trojan automatically spreads the malicious file to all contacts in the user's messenger app.

The primary aim of the attackers is to steal payment data and exploit personal information for fraudulent purposes.

The Ministry of Internal Affairs has issued a warning, advising users to avoid opening any unknown files, even if they appear to be from familiar contacts, in order to protect their devices and prevent the leakage of personal data.

By Vafa Guliyeva