The spread of malware via Telegram, allegedly from the technical support of the "Reserve+" application, was recorded, the State Special Communications Service reported on Wednesday, UNN reports.
The CERT-UA government response team received information about the distribution of messages via the @reserveplusbot account about the need to install "special software" with the attached archive "RESERVPLUS.zip". The archive was found to contain MEDUZASTEALER malware, which steals files
The service indicated that the @reserveplusbot account was created under the guise of a Telegram bot that imitates technical support for the Reserve+ application for conscripts, persons liable for military service and reservists. The State Service for Special Communications also noted that in May 2024, such an account was indeed listed as one of the technical support contacts for Reserve+.
Details of the incident are currently being investigated. The CERT-UA team took measures to minimize the threat.
"Please note that the links to the contact in the Telegram messenger, which were published earlier, in particular on the official pages of government agencies, currently lead to a malicious account. Therefore, we ask to refrain from interacting with the @reserveplusbot Telegram account and downloading any files from it," the State Special Communications Service emphasized.