It is suggested to install “special software”. It steals files from user devices.
The State Service for Special Communications and Information Protection of Ukraine warns about a dangerous virus sent by scammers on Telegram. The malware disguises itself as Reserve+ and appears to be “advice” from the application’s support team.
It was learned that the government response team CERT-UA received information about the active spread of the virus through the @reserveplusbot account. The attackers send messages offering to install “special software”, attaching an archive called “RESERVPLUS.zip”. This archive contains the MEDUZASTEALER malware, which steals files from user devices.
“The @reserveplusbot account was created under the guise of the official Telegram bot for technical support of the application for conscripts, military personnel and reservists Reserve+. As of May 2024, this bot was actually used as one of the application’s technical support contacts Reserve+“- reported the State Service for Special Communications and Protection of Ukraine.
CERT-UA has reportedly taken steps to mitigate the threat, but urges users to exercise caution. These contact links, previously published on official government pages, now lead to a malicious account.
Users are advised to avoid contacting the @reserveplusbot account and not to download files.
It was previously reported that hackers, under the guise of recruiting for the 3rd Brigade and the IDF, were sending messages with malicious software to Ukrainian Armed Forces personnel.
We remind you that cybercriminals sent viruses to Polish officials on behalf of Ukrainian officials.
Source: korrespondent
I am David Wyatt, a professional writer and journalist for Buna Times. I specialize in the world section of news coverage, where I bring to light stories and issues that affect us globally. As a graduate of Journalism, I have always had the passion to spread knowledge through writing.