Researchers uncovered a large-scale fraud operation called FEMITBOT that uses Telegram Mini Apps and bots to run crypto scams, impersonate major brands, and distribute Android malware via sideloaded APKs. The campaigns rely on a shared backend, in-app phishing pages, and tracking pixels to optimize conversions, so users should avoid launching Mini Apps from unknown bots or sideloading APKs.
Key points
- Researchers identified FEMITBOT as a platform abusing Telegram Mini Apps to host scams and phishing pages.
- Attackers impersonated brands such as Apple, NVIDIA, Disney, eBay, and IBM to increase credibility.
- The operation uses a shared backend and identical API responses across multiple domains and bots.
- Some Mini Apps attempted to distribute Android APKs while using Meta and TikTok tracking pixels to measure conversions.
- Users should avoid interacting with unknown Telegram bots, launching their Mini Apps, or sideloading APK files.
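The shared backend noted above gives defenders a clustering pivot: hosts that answer with the same API response are likely the same operation. The sketch below is an added example, not code from the researchers; it goes one step beyond byte-identical matching by fingerprinting the JSON structure so per-request values such as timestamps do not hide the match. The host names and response fields are constructed for illustration and are not FEMITBOT indicators.

```python
import hashlib
import json
from collections import defaultdict


def shape(value):
    """Reduce a JSON value to its structure: key names and value types, no data."""
    if isinstance(value, dict):
        return {k: shape(v) for k, v in value.items()}
    if isinstance(value, list):
        # A list is described by the distinct shapes of its elements.
        return sorted({json.dumps(shape(v), sort_keys=True) for v in value})
    return type(value).__name__


def fingerprint(body: str) -> str:
    """Hash the response structure; fall back to a raw hash for non-JSON bodies."""
    try:
        parsed = json.loads(body)
    except ValueError:
        return "raw:" + hashlib.sha256(body.encode()).hexdigest()[:16]
    canon = json.dumps(shape(parsed), sort_keys=True, separators=(",", ":"))
    return "json:" + hashlib.sha256(canon.encode()).hexdigest()[:16]


def cluster(observations):
    """Group hosts by fingerprint; return only groups with more than one host."""
    groups = defaultdict(set)
    for host, body in observations:
        groups[fingerprint(body)].add(host)
    return sorted(sorted(hosts) for hosts in groups.values() if len(hosts) > 1)


# Constructed sample: (host, API response body) pairs as a crawler might record them.
SAMPLE = [
    ("shop-a.example", '{"code":0,"msg":"ok","data":{"balance":"12.50","ts":1700000001}}'),
    ("earn-b.example", '{"code":0,"msg":"ok","data":{"balance":"0.00","ts":1700000417}}'),
    ("promo-c.example", '{"data":{"ts":1700000999,"balance":"3.10"},"msg":"ok","code":0}'),
    ("news.example", '{"status":"ok","articles":[]}'),
    ("static.example", "<html>hello</html>"),
]

if __name__ == "__main__":
    for hosts in cluster(SAMPLE):
        print("shared backend candidate:", ", ".join(hosts))
```

A structural match is a lead for analyst review, not proof of common ownership, since unrelated sites built on the same framework can share a response shape.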