Ukrainians warned about the spread of malware on Telegram

17 October 04:05

The Telegram messenger has detected the spread of malicious messages allegedly from the technical support of the Reserve app. This was reported by Komersant UkrainianKomersant Ukrainian with reference to the State Special Communications Service.

The government response team CERT-UA received information about the distribution of messages via the @reserveplusbot account about the need to install “special software” with the attached archive “RESERVPLUS.zip”.

Experts found that this archive contained the Meduza Stealer malware, which steals files.

The State Service for Special Communications noted that the @reserveplusbot account was created under the guise of a Telegram bot that imitates the technical support of the Reserve app. It should be noted that in May 2024, such an account was indeed listed as one of the technical support contacts of the Reserv app.

It is noted that the links to the contact in the Telegram messenger, which were published earlier, in particular on the official pages of government agencies, currently lead to a malicious account.

“Therefore, we ask you to refrain from interacting with the @reserveplusbot Telegram account and downloading any files from it,” the State Special Communications Service said.

It is reported that the details of the incident are currently being investigated, and the CERT-UA team has taken measures to minimise the threat.

Дзвенислава Карплюк
Editor