Fraudsters are creating fake sports club chats to distribute the BTMOB RAT Android Trojan.
Kaspersky Lab experts have discovered a scheme in which attackers disguised as sports clubs distribute Android malware via Telegram. The attack begins with the scammers creating Telegram chats designed as official platforms for the club network and adding users from the authentic channel's subscriber list.
To make the scam appear credible, the scammers use bots to delete messages about new members joining. Afterward, a post appears in the chat, purportedly from the club, offering a free app download. The lure promises photo-based calorie counting, "smart" food recognition, automatic BJU calculations, daily calorie intake tailored to your goal, and weight tracking with a progress chart.
The message includes an APK file and a download link. The downloaded app opens a fake window mimicking the official app store and prompts the user to install the fitness assistant. Instead of the useful app, a dropper is downloaded to the device, which then downloads the BTMOB RAT remote access Trojan, known since 2024. The purpose of this combination is to steal money and user data.
The APK post periodically disappears and reappears to stay at the top of the feed and constantly attract the attention of chat participants. According to Kaspersky Lab expert Dmitry Kalinin, scammers often send malicious APKs via instant messaging apps, disguising them as harmless apps. In this case, they're capitalizing on the "free" offer ahead of the warm season and on subscribers' trust in "official" channels. Kalinin recommends being wary of free offers, carefully checking the source, downloading APKs only from trusted sources, and scanning files before installing.
Kaspersky Lab experts have discovered a scheme in which attackers disguised as sports clubs distribute Android malware via Telegram. The attack begins with the scammers creating Telegram chats designed as official platforms for the club network and adding users from the authentic channel's subscriber list.
To make the scam appear credible, the scammers use bots to delete messages about new members joining. Afterward, a post appears in the chat, purportedly from the club, offering a free app download. The lure promises photo-based calorie counting, "smart" food recognition, automatic BJU calculations, daily calorie intake tailored to your goal, and weight tracking with a progress chart.
The message includes an APK file and a download link. The downloaded app opens a fake window mimicking the official app store and prompts the user to install the fitness assistant. Instead of the useful app, a dropper is downloaded to the device, which then downloads the BTMOB RAT remote access Trojan, known since 2024. The purpose of this combination is to steal money and user data.
The APK post periodically disappears and reappears to stay at the top of the feed and constantly attract the attention of chat participants. According to Kaspersky Lab expert Dmitry Kalinin, scammers often send malicious APKs via instant messaging apps, disguising them as harmless apps. In this case, they're capitalizing on the "free" offer ahead of the warm season and on subscribers' trust in "official" channels. Kalinin recommends being wary of free offers, carefully checking the source, downloading APKs only from trusted sources, and scanning files before installing.
