The criminals managed to bypass two-factor authentication and Telegram security systems.
![[IMG]](https://www.securitylab.ru/upload/iblock/b20/b2084d9c57060f4c3911be826aca488f.jpeg "[IMG]")
The attackers stole access to one of the major Russian-language Telegram channels dedicated to the Reddit Internet resource. The editorial staff of "Code Durov" learned from the channel administrator the details of the incident.
On November 10, an attacker wrote to the channel administrator, calling himself the Russian representative of Wondershare Filmora. The scammer spoke a little about Filmora video editing software and announced his interest in cooperation. An unknown person asked to indicate the price of advertising integration in a video publication on the channel, and began to discuss various conditions. The offender sent a technical assignment and noted that "payment will be made immediately before the release of the advertising post", after approval of the materials and video.
The fraudster did not require the administrator to install the Filmora software, but instead sent him a link with an archive. The administrator not only downloaded a video of the technical assignment, but also decided to install the software on his own. He soon found that he no longer had access to the channel.
Before being hijacked by control of the channel, two-factor authentication was enabled on the administrator account. The transfer of the founder's rights to Telegram is possible only if the cloud password is entered on his own, but the fraud victim did not do this.
The attackers stole access to one of the major Russian-language Telegram channels dedicated to the Reddit Internet resource. The editorial staff of "Code Durov" learned from the channel administrator the details of the incident.
On November 10, an attacker wrote to the channel administrator, calling himself the Russian representative of Wondershare Filmora. The scammer spoke a little about Filmora video editing software and announced his interest in cooperation. An unknown person asked to indicate the price of advertising integration in a video publication on the channel, and began to discuss various conditions. The offender sent a technical assignment and noted that "payment will be made immediately before the release of the advertising post", after approval of the materials and video.
The fraudster did not require the administrator to install the Filmora software, but instead sent him a link with an archive. The administrator not only downloaded a video of the technical assignment, but also decided to install the software on his own. He soon found that he no longer had access to the channel.
Before being hijacked by control of the channel, two-factor authentication was enabled on the administrator account. The transfer of the founder's rights to Telegram is possible only if the cloud password is entered on his own, but the fraud victim did not do this.