
Telegram Mini Apps Abused for Crypto Scams, Android Malware Delivery
Why It Matters
The abuse turns Telegram’s trusted messaging environment into a conduit for financial fraud and malware, threatening both consumer assets and platform credibility. It signals a need for stronger bot and Mini App controls to protect users.
Key Takeaways
- FEMITBOT uses Telegram Mini Apps to host phishing pages inside the app.
- Attackers impersonate brands like Apple, Disney, and NVIDIA to boost credibility.
- Victims are lured to deposit funds or download malicious Android APKs.
- Shared backend lets scammers switch domains, languages, and themes quickly.
- Meta and TikTok tracking pixels monitor user activity for campaign optimization.
Pulse Analysis
Telegram’s Mini Apps are lightweight web applications that run inside the messenger’s built‑in browser, allowing services such as payments, account access, and interactive tools without leaving the platform. This convenience also creates fertile ground for abuse, as demonstrated by the CTM360‑identified FEMITBOT operation. Researchers found that the fraud network leverages Telegram bots to launch Mini Apps that display phishing pages that look fully functional, effectively turning a chat conversation into a hostile storefront. By embedding malicious content directly in the app, attackers bypass traditional browser warnings and exploit users’ trust in the Telegram ecosystem.
The campaign impersonates high‑profile brands—including Apple, Coca‑Cola, Disney, eBay, IBM, MoonPay, NVIDIA, and YouKu—to lend credibility to bogus crypto investment offers. Victims encounter dashboards showing fabricated balances, countdown timers, and urgent “withdraw” prompts that require a deposit or referral task, a classic advance‑fee scheme. Some Mini Apps also serve Android APKs masquerading as legitimate software, hosted on the same TLS‑protected domain to avoid mixed‑content alerts. By coupling brand spoofing with seamless in‑app delivery, the operators increase conversion rates while remaining under the radar of conventional anti‑phishing filters.
The rise of Mini App‑based phishing underscores a broader shift toward in‑messenger attack vectors, where traditional security layers are bypassed. For enterprises, compromised accounts can serve as footholds for lateral movement and data exfiltration, while consumers risk financial loss and device infection. Telegram must strengthen bot verification, enforce stricter Mini App vetting, and provide clearer warnings for external downloads. Meanwhile, users should treat unsolicited bot invitations with skepticism, avoid depositing funds, and never sideload APKs from unknown sources. Proactive awareness and platform safeguards are essential to preserve trust in messaging services.
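For analysts triaging reported links, the traits described above (a page built as a Mini App, ad tracking pixels, and an APK served from the page's own domain) can be checked together on a fetched page. The sketch below is an added example, not code from CTM360 or Telegram; the script and pixel host markers are assumptions based on the publicly documented Telegram, Meta and TikTok loaders, and the sample page is constructed on a reserved test domain.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed markers: Telegram's Mini App client script and common ad-pixel loader hosts.
MINI_APP_SDK = "telegram.org/js/telegram-web-app.js"
PIXEL_HOSTS = {"meta": "connect.facebook.net", "tiktok": "analytics.tiktok.com"}

# Constructed sample page on a reserved test domain (not taken from the campaign).
SAMPLE_URL = "https://wallet.example.test/app/index.html"
SAMPLE_HTML = """<html><head>
<script src="https://telegram.org/js/telegram-web-app.js"></script>
<script>!function(f,b){var s=b.createElement('script');
s.src='https://connect.facebook.net/en_US/fbevents.js';b.head.appendChild(s)}(window,document);</script>
</head><body>
<a href="/download/wallet-pro.APK">Install the app to withdraw</a>
<a href="https://cdn.example.org/other.apk">mirror</a>
</body></html>"""

class _Collector(HTMLParser):
    """Collects script sources, inline script bodies and anchor targets."""
    def __init__(self):
        super().__init__()
        self.script_text, self.links, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self._in_script = tag == "script"
        if tag == "script" and attrs.get("src"):
            self.script_text.append(attrs["src"])
        elif tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
    def handle_endtag(self, tag):
        self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.script_text.append(data)

def triage(page_url, html):
    """Report which of the three indicators are present on one fetched page."""
    c = _Collector()
    c.feed(html)
    scripts = " ".join(c.script_text)
    host = urlparse(page_url).hostname
    targets = [urlparse(urljoin(page_url, h)) for h in c.links]
    apks = [t.geturl() for t in targets
            if t.path.lower().endswith(".apk") and t.hostname == host]
    pixels = sorted(n for n, h in PIXEL_HOSTS.items() if h in scripts)
    mini_app = MINI_APP_SDK in scripts
    return {"mini_app": mini_app, "pixels": pixels, "same_origin_apks": apks,
            "escalate": mini_app and bool(pixels or apks)}
```

Legitimate Mini Apps also load analytics pixels, so `escalate` marks a page for manual review and is not a verdict on its own.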