In the State Service of Special Communications and information protection of Ukraine report that fraudsters are distributing malicious messages in Telegram via the fake bot “Reserve+”.
This was reported by “URA-Inform” with reference to Comments.
It is noted that they look like “advice” from the program's support service. The government response team CERT-UA received information about the active distribution of malware through the @reserveplusbot account.
“The attackers are sending messages offering to install “special software”, attaching an archive called “RESERVPLUS.zip”. As it turned out, the archive contains the MEDUZASTEALER malware, which steals files from users' devices. The @reserveplusbot account was created under the guise of the official Telegram bot for technical support of the Reserve+ program for conscripts, military personnel, and reservists,” the message says.
It is important to note that in May 2024, this bot was actually used as one of the technical support contacts for the Reserve+ program. CERT-UA has already taken measures to minimize the threat, but urges users to be careful. Links to this contact, which were previously published on the official pages of government agencies, now lead to the attackers' account.
In this regard, users are advised to refrain from interacting with the @reserveplusbot account and not to download any files from it. If you suspect that you have become a victim of an attack, you must immediately inform the Ukrainian government emergency response team CERT-UA ([email protected], mob. 38 (044) 281-88.
Recall that it was previously reported that the procedure for establishing disability due to war has changed in Ukraine: what you should know.