In the Telegram messenger, attackers allegedly used a technical support bot for the application for conscripts, military personnel and reservists “Reserve+” to send malicious programs.
The press service of the State Service for Special Communications and Information Protection of Ukraine reported this today, October 16.
It is noted that:
- an account @reserveplusbot was created under the guise of a Telegram bot, simulating technical support for the “Reserve+” application;
- messages were distributed through the @reserveplusbot account about the need to install special software with an attached RESERVPLUS.zip archive;
- This archive contains malicious software MEDUZASTEALER, which steals files.
The details of the incident are being clarified. The government response team CERT-UA CERT-UA has taken measures to minimize the threat.
The DSSZII notes that such an account was indeed noted in May 2024 as one of the “Reserve+” technical support contacts.
Please note that links to contacts in the Telegram messenger that were published earlier, including on the official pages of government agencies, lead to a malicious account. Therefore, we ask you to refrain from interacting with the @reserveplusbot Telegram account and downloading any files,” the department notes.
Source: Racurs
I am David Wyatt, a professional writer and journalist for Buna Times. I specialize in the world section of news coverage, where I bring to light stories and issues that affect us globally. As a graduate of Journalism, I have always had the passion to spread knowledge through writing.