Russian hackers have successfully stolen personal data from several thousand conscripts by creating a fake chatbot for the "Reserve+" application on Telegram. However, the application itself was not hacked.
According to cybersecurity expert Konstantin Korsun, users of the "Reserve+" application recently began receiving messages from the "Reserve+" Telegram bot, requesting them to download a specific file "to correctly make changes to the registry." The file contained malicious software that stole all information from the smartphone.
"After extracting everything possible from the smartphone, this malware self-deletes. Meanwhile, most users are unaware that something bad is happening and that all information from their smartphone has already been stolen," he wrote on his Facebook page.
Korsun stated that the malicious program was distributed by a Telegram bot that "was designated as 'official' by Reserve+" when the application was created. It seems that recently this bot was "hijacked" by a group of Russian hackers who began using it for their malicious purposes.
However, the Ministry of Defense denies that this was the official Telegram bot and says that Russians created a new twin bot. The agency pointed out that it stopped using the Telegram bot some time ago due to the unreliability of this messenger.
"We abandoned this channel because we could not guarantee data security on this platform. The chatbot was removed from the application, and the alpha name of the bot was also deleted. However, this created an opportunity for pro-Russian fraudulent groups, which took advantage of the former alpha name to create a new fake bot," the Ministry of Defense stated.
The agency claims that it contacted the Telegram administration as soon as it discovered the distribution of malicious files through this fake bot, and that the bot was promptly removed.
"It is important to emphasize that this in no way affected the security of the Reserve+ application. All user data is transmitted to the Oberig registry exclusively in encrypted form. Reserve+ itself does not store any user data," the defense agency noted.
Russia has intensified its sabotage activities
As reported by UNIAN, Microsoft has stated that countries like Russia, Iran, and North Korea have changed their operational methods over the past year, in particular by beginning to experiment with AI for conducting cyberattacks. At the same time, Russia has likely "outsourced" part of its cyber espionage to criminal groups, especially regarding espionage in Ukraine.
We also reported that leaders of British intelligence and counterintelligence complained about the "savagery" of Russian special services, which have significantly increased their subversive activities against the West.