Kaspersky has warned that fake Telegram Premium offers have been spreading globally, targeting users with phishing scams and malware disguised as alternative app versions. These attacks aim to steal account credentials or compromise devices. The scams capitalise on Telegram Premium’s popularity and gifting feature, making it crucial for users to remain vigilant.
Telegram Premium is a subscription that offers exclusive features, such as faster download speeds, voice-to-text conversion, premium stickers, an ad-free experience, and more. Users can gift a subscription, and scammers capitalise on this gifting feature and the Telegram Premium topic in general.
One of the tricks begins when a user receives a message that appears to come from someone in their contact list, whose account may have been hacked. The message claims: “You’ve been sent a gift — a Telegram Premium subscription”. Below, there’s a link that looks legitimate but actually redirects the user to a phishing page, prompting them to log in to Telegram. If victims scan the code or enter their credentials, their account is immediately compromised, giving scammers access to their login details, password, and potentially their authentication code.
There are other tricks referencing the Telegram Premium theme, and not all of them necessarily start with messages on Telegram. Attackers may also use other methods to send phishing links, for example, email.
For instance, perpetrators host fake “giveaways” for Telegram Premium subscriptions. Victims are lured into participating, and in a series of steps, they are directed to a phishing site where they are prompted to enter their Telegram account credentials, ultimately resulting in their account being compromised.
Another machination involves cybercriminals sending victims an invitation to download a ZIP archive that claims to contain a version of the messenger service with a “Premium” subscription. The download link redirects users to a phishing page where they are once again asked to log in to Telegram.
Yet another fraud involves distributing malicious software disguised as an alternative version of the Telegram app with a “built-in” Premium subscription. Scammers send victims links to download APK files claiming they are modified versions of the app, but they turn out to be malware.
“Phishing schemes capitalising on the Telegram Premium topic has been observed in several languages, suggesting that the perpetrators operate globally,” advises Olga Svistunova, security expert at Kaspersky. “Even if these scams haven’t yet reached a specific region, there is a probability they could eventually make their way there.
“Therefore, it’s always important to remain cautious and skeptical of offers that seem too good to be true. Additionally, make sure your Telegram security and privacy settings are up to date, and your device has a robust security solution.”