Marketplace scams: neanderthals hunting mammoths with Telekopye - Jakub Souček & Radek Jizba (ESET)

Presented at the VB2024 conference in Dublin, 2 - 4 October 2024.

↓ Slides: https://www.virusbulletin.com/uploads...
↓ Paper: https://www.virusbulletin.com/uploads...
→ Details: https://www.virusbulletin.com/confere...

✪ PRESENTED BY ✪
• Jakub Souček (ESET)
• Radek Jizba (ESET)

✪ ABSTRACT ✪
Telekopye is a Swiss Army knife for turning online marketplace scams into organized illicit businesses. Dozens of groups with up to thousands of members each utilize it every day to steal millions from 'mammoths', as they call the targeted buyers and sellers. 'Neanderthals', as we call the scammers, require little to no technical knowledge – Telekopye takes care of everything in a matter of seconds.

Thanks to collaboration with law enforcement and several of the online marketplaces targeted by Telekopye, we were able to gain unique insight into the whole operation. One of the most shocking discoveries was that some Telekopye groups, instead of employing cybercriminal wannabes, threaten people in difficult life situations and force them to perform these scams. This chilling fact puts the whole operation into a completely different light. We were also able to better understand the online marketplaces’ defence capabilities, which we will briefly share with the audience. Additionally, we helped those marketplaces further strengthen their defence based on what we learned from Neanderthals’ internal documentation (obtained by infiltrating their ranks).

Join us on a journey exploring these scams from the attacker’s perspective. Telekopye is designed to target a large variety of services (OLX, Vinted, eBay, Wallapop), mainly in Europe and North America. It offers advanced features to its users, which we will demonstrate – fully automated phishing web page generation, an interactive chatbot with on-the-fly translation, and anti-DDoS protection of the whole phishing domain, to name a few.
Telekopye groups have expanded their targeting recently – they have added support for scam scenarios aimed at users of popular online platforms for hotel reservations. According to our telemetry, this scam type seems to be the most popular one currently. We will demonstrate how this scenario works and how to detect and prevent it. As the best defence against these scams is awareness, we will provide, alongside our demonstrations, a comprehensive guide to evading the Neanderthals’ spears.